A government website devoted to Freedom of Information Act requests made dozens, possibly hundreds, of Social Security numbers and other personal information public after an error during a system upgrade, CNN reports.
Foiaonline.gov, which handles FOIA requests for multiple government agencies, had people’s sensitive, personal information publicly available for weeks before CNN alerted the government to the issue. This information included at least 80 complete or partial Social Security numbers, their dates of birth, addresses, and other contact details. In some instances, victims of identity fraud who were looking for more information had their Social Security numbers made public.
According to CNN, the issue involved the website’s search feature, which allows anyone to search FOIA requests. When users click on these results, the full description is withheld unless it’s been approved. The website got an upgrade on July 9, which caused a glitch that allowed the full description to be read on the search page alone.
"The PMO [Primary Management Office] has identified the cause of this issue and this afternoon implemented program fixes that resolved the problems," read an email from the office of the Environmental Protection Agency that manages the website, according to CNN.
"The EPA is aware and working with partner agencies to remediate an issue with the FOIAonline 3.0 system," EPA spokesperson John Konkus said. "The issue affects a limited number of cases and inadvertently displays descriptive information that may, in some instances, include Social Security Numbers. EPA will follow the Agency's Breach procedures to evaluate the situation further and take the appropriate mitigation measures."