Farmer Discovers USDA Data Leak

The U.S. Department of Agriculture will give free credit monitoring to tens of thousands of people whose social security numbers were inadvertently made public on a government Web site.

The USDA said it is aware of no cases where the so-called private identification information was used for identity theft or other illegal purposes, but the potential exists, especially since the information was disseminated over the Internet.

The affected people received loans through the government's Farm Service Agency (FSA) or USDA Rural Development (RD), said the USDA. The agriculture department said the social security numbers were removed from the Web site immediately after USDA learned about the situation last week.

No Signs of Misuse

"There is no evidence that this information has been misused," stressed USDA in a statement. "However, due to the potential that this information was downloaded prior to being removed, USDA will provide the additional monitoring service."

Last week, the USDA said 63,000 people were affected but it was in the process of recalculating that number yesterday, USDA Press Secretary Keith Williams told TechNewsWorld.

The free credit monitoring will be limited to one year.

The department did not realize the social security numbers were easily available to anyone doing a Web search. It found out on April 13 when a farmer, whose farm was a recipient of the government agriculture funding, came across the data when she did a Web search on her farm's name.

Embedded Numbers

Google (Nasdaq: GOOG) directed the woman to a Web site operated by government watchdog group OMB Watch. The site got its information from the U.S. Census Bureau, which initially published the USDA data, OMB Watch Communications Director Brian Gumm told TechNewsWorld.

"All of the private identifying information was embedded in a larger [numeric string] and therefore not immediately identifiable," noted the USDA. "The same day, all identification numbers associated with USDA funding were removed from the Web site."

The fact that the social security numbers were embedded in a larger number might explain why they were allowed to be published, said Gumm.

The government is now in the process of generating new federal identification numbers that do not contain any personal identification information.

The Human Touch

The case points out the importance of making sure the people involved in making government data public are careful with sensitive information, privacy and information policy consultant Robert Gellman told TechNewsWorld.

"Somebody, without paying any attention, made social security numbers available in this fashion and we've come to learn in the past 10 years that disclosing social security numbers maybe isn't such a good idea" said Gellman.

However, there seemed to be a bit of hype surrounding the case since miscreants in search of personal identify information have many ways of getting it, he said, including the purchase of lists with social security numbers.

Other Means for Misbehavior

"Social security numbers are not exactly secret numbers," said Gellman. "You can buy somebody's number on the Net for few dollars. I would not like to have my social security number published on the Net, but these farmers have had their numbers available for a long time and whether anything bad happened to any of them, I don't know. There have been a lot of security breaches with millions of people whose information was published, lost or released. In an extremely large percentage of those cases, nothing happened to anybody."

Although OMB Watch's site helped distribute the private information, Gumm said Fedspending.org serves an important function in a country that values transparency in government and open public records. Gellman said the line between private data and the public's right to know where government money is being loaned or spent is sometimes fuzzy.

"Not everything personal is necessarily secret," he noted.