USDA officials apologize for exposing Social Security numbers
Department started to purge numbers from databases after VA data breach last year, but tens of thousands slipped through the cracks.
Top Agriculture Department officials conceded Wednesday they discovered 38,700 Social Security numbers of farmers were publicly available on the Internet only after a sleepless farm woman found hers there one night.
The officials -- including Charles Christopherson, USDA's chief financial officer -- said the sensitive data was immediately purged after Marsha Bergmeier of Fairmont, Ill., discovered her Social Security number on a public Web site April 12 and notified the department the next day.
"We take full responsibility for this incident and offer no excuses," Christopherson said. "We regret the exposure of this sensitive information."
Under questioning from House Agriculture Committee members, Christopherson said the department had begun purging Social Security numbers from its databases last June after a Veterans Affairs Department laptop with thousands of Social Security numbers went missing.
But even though that purge had eliminated an estimated 29,500 Social Security numbers from USDA databanks, Dave Combs, USDA's chief information officer, said 38,700 more listed on farm loans and grants escaped the purge.
"It slipped through the net that we put out," said Combs, who added that he was "sorry that happened."
Rep. Zach Space, D-Ohio, said he was concerned that USDA had not discovered that the numbers were on the Internet for an additional 10 months.
Christopherson said those numbers were not found because they did not stand out by themselves, but rather were embedded in the middle of a series of 15 identification numbers.
"They were not readily apparent," he said. "To date, there is no evidence that this information has been misused. USDA is offering 12 months of credit monitoring services to help affected persons monitor their personal accounts."
Space seemed unconvinced. "In many ways, this situation is far worse than the information stolen from a Veterans Affairs computer," he said. "The VA computer was stolen by one person and those records remained on only that one computer. It baffles me that not only was this information available to the entire public -- it was available for 26 years and went unnoticed by the USDA."
The Social Security numbers had been in the USDA system since 1981 and on the World Wide Web since 1996.
Space also pointed to critical reports, including one from the USDA's inspector general, of "poor performance by the USDA regarding information security." These included 95 lost computers containing personal information, Space said.
Agriculture Chairman Collin Peterson, D-Minn., said that, in addition to the security breach, access to computer-based systems has been a "recurring problem."
"Computer failures at the Farm Service Agency have prevented farmers from signing up for farm programs online and in FSA offices," Peterson noted.
Agriculture ranking member Bob Goodlatte, R-Va., made the criticism bipartisan by noting that "the performance of USDA in this episode certainly lends significant credibility to those who fear that their information will not be protected from release while in the hands of USDA."
NEXT STORY: Agencies' responses to data breaches vary