So it came as next to no surprise when the U.S. Department of Agriculture (USDA) announced Friday that the personal information of tens of thousands of people was publicly exposed on FedSpending.org, a searchable online database that chronicles, you guessed it, federal spending dollars.
Today the Department of Ag "narrowed" the number of potential victims down to 38,700 from initial estimates of as many as 150,000. Big deal. Frankly, I don't think spinning the story in this direction is the right thing to do.
Is this what the breach landscape has come to? "Well my exposure wasn't nearly as bad as your exposure because we only lost 38,000 Social Security numbers...and you guys lost, like, 200,000."
Please. One exposed piece of personally identifiable information is one too many.
So what can be done about preventing something like this in the future? Hmmm, I have been hearing a lot about these leak prevention providers, like the Vontus and the Reconnexes. Maybe they're on to something.
Here's another idea: Eliminate the unnecessary use of SSNs as identifiers. Department officials told The New York Times
that when the public database was first created it contained SSNs, before online identity theft became an epidemic. Why they never revisited the database is anybody's guess.
Meanwhile, the USDA is promising credit monitoring services to affected parties - mostly farmers awarded funds through the Farm Service Agency or USDA Rural Development. There is, however, no evidence of any criminal wrongdoing thus far.