Worse, the government didn’t notice the issue until CNN pointed it out.
It happened, according to CNN, when the FOIAonline.gov site updated from its 2.0 version to the new 3.0 version at the beginning of July. In the days following that update, visitors to the website who used the “search requests” function got more than they bargained for. Generally, this function allows users to see what has been requested, by whom and, sometimes, what has been provided. It generally does not include personally identifiable information.
“After a tip from a source who had noticed the glitch, with two quick searches, CNN discovered that the government had published at least 80 full or partial Social Security numbers,” the story reads. “There were other instances of sensitive personal information, including dates of birth, immigrant identification numbers, addresses and contact details.”
FOIAonline.gov is designed to be a single entry point for FOIA requests. It’s used by a number of agencies, including the General Services Administration, the Environmental Protection Agency, the Department of Commerce and more. The Environmental Protection Agency provides the IT resources necessary to maintain the website.
Once aware of the glitch, the EPA tried to re-mask much of the sensitive information. However, given that the choice about what information should truly be made public lies with individual agencies, the EPA informed all the agencies that use FOIAonline.gov about the issue on Thursday.
“After our fix… some names and addresses still do appear in publicly available FOIAonline records,” the EPA wrote in an email to agencies. “It is requested that partner agencies review publicly viewable information to ensure that any personal information is specifically intended to be presented as such.”