Massive data breach at US agency

The Social Security numbers of thousands of people who received loans from the U.S. Department of Agriculture (USDA) have been exposed for a number of years in a publicly available database, according to OMB Watch, a Washington-based non-profit government watchdog organization.

Share

The Social Security numbers of thousands of people who received loans from the U.S. Department of Agriculture (USDA) have been exposed for a number of years in a publicly available database, according to OMB Watch, a Washington-based non-profit government watchdog organization.

The issue was first discovered on 13 April 13 by a user of OMB Watch's FedSpending.org, an online service about federal spending that includes a government database that contained the personally identifiable information, said OMB Watch's Executive Director Gary Bass. OMB Watch monitors the White House's Office of Management and Budget.

The data in question appears in the Federal Assistance Award Data System (FAADS), a government database of all federally provided financial assistance (not including procurement), according to OMB Watch. FedSpending.org makes FAADS and publicly available data about government contracts accessible to the public in a searchable format in order to focus attention on government spending patterns. The group created the site last year to provide public access to government contracts and grants in a searchable database, according to the statement.

Users can search the information by company or by individual names to see who receives federal money, OMB Watch said.

Bass said the original FAADS files have been freely available for anyone to download from the U.S. Census Bureau's Web site for years, and it appears the database containing personally identifiable information has been widely distributed for a long time.

"The data field at the heart of the security problem, the Federal Award ID, is vitally important to investigators and researchers tracking specific transactions, as it is the only means for identifying a specific loan or grant," Bass said. "For example, in order to file a Freedom of Information request about a financial transaction, the public needs to provide the Federal Award ID [which includes Social Security numbers].

Find your next job with computerworld UK jobs