Nobody cares more about your personal information than you do. Unfortunately, there’s nothing we can do to keep it out of the hands of the government.
According to a report issued by the SSA’s Office of the Inspector General, some 36,657 people were erroneously included in the SSA’s Death Master List, which collects names of recently deceased individuals and is sold to the public.
The data was published between May 2007 and April 2010, according to the report. The SSA had already exposed an additional 26,930 individuals’ records between July 2006 and Jan. 2009.
via Social Security Administration Exposed Data Of 36,000 Over Three Years – Darkreading.
According to Texas State Comptroller Susan Combs, the data wasn’t exposed by a hacker or a group of vigilante scriptkiddies—it ended up on a state-controlled public server after having been passed around between various state agencies. The data came from the Teacher Retirement System of Texas, the Texas Workforce Commission, and the Employees Retirement System of Texas, all of whom transferred the unencrypted data (against state policy) between January and May of 2010. The information was only discovered on the public server on March 31, 2011, meaning it has been available for almost a year.
So far, the state says there’s no indication that the data was misused, but that doesn’t mean it hasn’t or won’t be sometime in the future. In addition to the aforementioned personal information, Combs said that other data, like date of birth and driver’s license numbers had been exposed “to varying degrees.” Additionally, “all the numbers were embedded in a chain of numbers and not in separate fields”—good if only lazy “hackers” accessed the file, but bad because it ensures that the appropriate data is matched with other data from the same person.
I’m wondering which employees had access to the data, and which had access to the public server, and what sort of processes were violated which resulted in this data being published to the Internet at large.
via Texas exposes addresses, SSNs of 3.5 million residents