A design error during an upgrade on a Freedom of Information Act request site exposed personal information, including Social Security numbers, birth dates and immigrant identification numbers.

After following a tip, CNN found that the site had revealed the partial or full social security numbers of at least 80 persons and in one case, a violent crime victim described the crime while looking for additional information on the incident.

The government says it has secured the information after CNN alerted it to the error in a feature that lets the public search through FOIA requests and view not only the request but who requested it and sometimes what information has been provided in response.

But the description field is supposed to be shielded until an agency approves the request. The glitch left that field open to public review, though.

"Recently it was discovered that PII (SSN) information in some records was exposed to the public," according to an email alert from the Environmental Protection Agency (EPA) office charged with managing the FOIA clearinghouse cited by CNN. "The PMO [Primary Management Office] has identified the cause of this issue and this afternoon implemented program fixes that resolved the problems.”

Noting that the error would soon be reported by the media, the alert said “that after our fix…some names and addresses still do appear in publicly available FOIAonline records” but that a PMO review showed “this information has been marked as publicly viewable by the reporting agencies. It is requested that partner agencies review publicly viewable information to ensure that any personal information is specifically intended to be presented as such."

 

Source : https://www.scmagazine.com/foia-portal-upgrade-error-exposes-ssns-pii/article/792954/