Monday, September 10, 2018

Social Security Numbers Exposed on US Government FOIA Website


The US government exposed dozens of people’s personal details, including social security numbers, due to an online mishap on a public transparency portal, it emerged this week.

FOIA.gov, a site that centrally administers Freedom of Information Act requests, had been serving up the information for weeks, CNN reported on Monday.

Those requesting information may enter sensitive personal data and are even encouraged to do so by government agencies to help service their requests – information such as status on an immigration application or information about criminal cases.

The problem stemmed from a software bug in the site’s search facility. This allows people to search existing FOIA requests and find out who has requested information about what. These records include personal details that the site normally withholds until the originating agency gives permission to reveal it.

That masking stopped working. Instead, the site began displaying all of the information by default, including sensitive data, effectively rendering it publicly available.

The software glitch meant that sensitive information about individuals, including birthdates, immigrant identification numbers, addresses and contact details, was available online. CNN identified at least 80 full or partial Social Security numbers during its research.

According to the news site, the masking feature had been working properly until 9 July, when the website upgraded from version 2.0 to version 3.0. This means information would have been publicly available until shortly after reporters from CNN, tipped off by a source, alerted the government.

At that point, FOIA.gov attempted to re-mask sensitive information, but some data needed to remain publicly viewable. Last Thursday, it sent a notice to the relevant originating agencies asking them to review the publicly viewable information on the site to ensure that FOIA.gov was authorized to disclose it. (CNN, September 3, 2018)
--

Database compromises are a common problem, both for government information and for businesses that maintain information about their customers. Making data accessible to those with an authorized and legitimate need for it, while keeping it protected from all other access, is a significant problem.

Errors exist in databases, or are created when systems and software are upgraded. Criminals may find ways to exploit weaknesses in security, and insiders may compromise information through intent, negligence, or error.

Before providing any of your personal information to a government agency, or to a business, ask yourself: what will be the effect if (when) this information is compromised?


