Social Security numbers exposed on US government transparency site | Cyber Security

Latest breaking news on

The US dozens of people’s personal details, including security , due to an online mishap on a public portal, it emerged this week., a that centrally administers freedom of information act requests, had been serving up the information for weeks, CNN reported on Monday.

People use the site, operated by the Environmental Protection Agency, as a single go-to source for requesting information from the government. They can submit requests concerning everything from data about criminal cases through to government expenses through the portal. The site then routes information requests through to the appropriate agencies and delivers the results.

Those requesting information may enter sensitive personal data and are even encouraged to do so by government agencies to help service their requests – information such as status on an immigration application or information about criminal cases.

A little too transparent

The problem stemmed from a software bug in the site’s search facility. This allows people to search existing FOIA requests and find out who has requested information about what. These records include personal details that the site normally withholds until the originating agency gives permission to reveal it.

That masking stopped working. Instead, the site began displaying all of the information by default, including sensitive data, effectively rendering it publicly available.

The software glitch meant that sensitive information about individuals, including birthdates, immigrant identification numbers, addresses and contact details were available online. CNN identified at least 80 full or partial Social Security numbers during its research.

According to the news site, the masking feature had been working properly until 9 July, when the website upgraded from version 2.0 to version 3.0. This means information would have been publicly available until shortly after reporters from CNN, tipped off by a source, alerted the government.

At that point, attempted to re-mask sensitive information, but some data needed to remain publicly viewable. Last Thursday, it sent a notice to the relevant originating agencies asking them to review the publicly viewable information on the site to ensure that was authorized to disclose it.