Skip to Content
social security
Security & privacy

Government website exposed Social Security numbers, personal info

Hacks and breaches are a part of online life, and all we can do is hope that none of them impact anything we enjoy or use. Remember our story about 16 places that, if you’d visited before, may have led to your data being stolen?

At any rate, the point is issues with online information are rampant, and not likely to be stopped anytime soon. The latest problem impacted not a business, but the United States government.

It has to do with, which is the site that handles Freedom of Information Act requests. Evidently, there was an issue that exposed personal details — including Social Security numbers — for weeks.

Too much transparency can be a bad thing is there for people to learn about how to submit a request. Its home page states that the “basic function of the Freedom of Information Act is to ensure informed citizens, vital to the functioning of a democratic society.”

The site is run by the Environmental Protection Agency, and seemed innocent enough until it was discovered there was a software bug in the site’s search facility. The feature is meant to allow people to search existing FOIA records to see who has requested information and about what.

Those records included personal details that are normally withheld until the place or person who originally made the request gives permission for them to be revealed. They are hidden with a masking feature that, until early July, had been working properly.

But the glitch in the software, which surfaced when the website upgraded to a newer version, led to the records — which included data such as birth dates, immigration identification numbers, addresses and contact details — being available by default.

Also, full or partial Social Security numbers were within the data, with all the information being exposed for weeks. For context, CNN identified at least 80 full or partial SSNs during its research into the matter.

Upon learning of the problem, tried to put the mask back on the sensitive information, but some of it needed to remain public. A notice was sent to the affected originating agencies, one that asked for them to review the information to ensure it was authorized to be disclosed.

Even if wouldn’t help in this case, here are things to think about in case of data breaches

  • Keep an eye on your bank accounts – You should be frequently checking your bank statements and looking for suspicious activity. If you see anything that seems strange, report it immediately.
  • Check HaveIBeenPwned – this site will tell you if your information has been stolen in a previous breach.
  • Change your password – Whenever you hear news of a data breach, it’s a good idea to change your account passwords. Read this article to help you create hack-proof passwords.
  • Close unused accounts – Here’s an easy way to manage all of your online accounts at once.
  • Beware of phishing scams – Scammers will try to piggyback on huge breaches like this. They will create phishing emails, pretending to be the affected company, hoping to get victims to click on malicious links that could lead to more problems. Take our phishing IQ test to see if you can spot a fake email.
  • Manage passwords – Many people use the same username and password on multiple sites. This is a terrible practice and you should never do it. If you’re using the same credentials on multiple sites, change them to make them unique. If you have too many accounts to remember, you could always use a password manager.
  • Check email security settings – Make sure the email account associated with the hacked site has updated security settings.
  • Have strong security software – Protecting your gadgets with strong security software is important. It’s the best defense against digital threats.
cryptocurrency e-book hero

New eBook: ‘Cryptocurrency 101’

Don't want to lose your dough to crypto? Check out my new eBook, "Cryptocurrency 101." I walk you through buying, selling, mining and more!

Check it out