FOIA.gov Exposes Social Security Numbers

By

Bug in site's search software caused display of sensitive material.

The US Office of Personnel Management lost more than 21.5 million records that were stolen, and now the US transparency site, FOIA.gov, has exposed sensitive information publicly, including birth dates, addresses, contact details, and immigrant identification numbers,

According to CNN “The error, on a Freedom of Information Act request portal, was fixed after CNN alerted the government to the situation. For weeks prior, however, individuals' sensitive personal information was available on the public-facing database unbeknownst to them or the government.”

The root of the problem was the site’s search software that is used to search existing FOIA requests. The site usually masks personal details, but a bug in the software allowed all information to be displayed, including social security numbers.

The bug was introduced when the website, managed by the EPA, was upgraded to version 3.0 in July 2018. According to an email obtained by CNN the PMO [Primary Management Office] has “implemented program fixes that resolved the problems".

09/10/2018

Related content

  • News for Admins
    Microsoft Starts Using AI for Enterprise Security, New Zero-Day Vulnerability Affects All Windows Systems, British Airways Breach Affects 380,000 Customers
comments powered by Disqus