your connection to The Boston Globe

US posted 63,000 Social Security numbers on Web

USDA reports data breaches

WASHINGTON -- The Social Security numbers of 63,000 people who received Agriculture Department grants have been posted on a government website since 1996, but they were taken down last week.

Free credit monitoring is being offered to those affected.

The security breach was only noticed last week and promptly closed, the Agriculture Department and Census Bureau announced yesterday.

But a study has begun to see whether 32 other federal agencies may have followed the same practice. The Agriculture data that included Social Security numbers were removed from the Web on April 13 and similar data from 32 other agencies were taken down April 17 as a precaution, said Agriculture spokeswoman Terri Teuber.

A review has determined that none of the other 32 agencies had a similar problem, said Sean Kevelighan, spokesman for the Office of Management and Budget.

"There is no evidence that this information has been misused," Teuber added. "However, due to the potential that this information was downloaded prior to being removed, USDA will provide the additional monitoring service."

When the breach was reported to Agriculture on April 13, there were Social Security numbers for 47,000 recipients of grants from the department's Farm Services Agency and from USDA Rural Development on a public website maintained by the Census Bureau.

The department said the Social Security numbers of 105,000 to 150,000 individuals had been entered into federal databases open to the public since 1981. But the data have only been posted on the Internet by the Census Bureau since 1996.

The Census Bureau collects the grants made by 33 federal agencies and posts them on the Internet without analysis. By law, the names of these recipients and how much money they got are public records.

The disclosure was made six months after a congressional report found federal workers at 19 agencies had lost personal information affecting thousands of employees and the public, raising concerns about the government's ability to protect sensitive information.

In all, the House Government Reform Committee reported 788 incidents involving the loss or compromise of sensitive personal information since Jan. 1, 2003. That was in addition to the "hundreds of security and privacy incidents" at the Department of Veterans Affairs, according to a report the committee issued in October.

Teuber said the two Agriculture Department programs involved gave each grant a 15-digit identifying number. Included among those digits was the recipient's 9-digit Social Security number. There was nothing on the website that indicated the grant number contained the Social Security number, but the recipient who reported the problem recognized her Social Security number in the grant number, Teuber said.

To avoid revealing information that could increase the vulnerability of this private data, Teuber said Agriculture was not releasing more details, including the Web address, of the government site where this information was disclosed until all potentially compromised recipients have been notified.

The Agriculture Department is sending registered mail notifications to 63,000 recipients identified as having been part of the public database since 1981.

While up to 150,000 names have been entered into that database since 1981, some names have been entered more than once.

At an estimated taxpayer cost of $4 million, Agriculture is offering each of them free credit monitoring for one year, Teuber said.

USDA funding recipients who wish to take advantage of the credit monitoring offer will receive instructions on how to register.

Any USDA funding recipient with questions may call 1-800-FED-INFO (1-800-333-4636) or visit The call center operates from 8 a.m. to 8 p.m., Monday through Friday.

Under supervision of the Office of Management and Budget, the grant numbers posted by the other 32 agencies were taken down and reviewed to see whether any included Social Security numbers. "We are sure no other agencies . . . were impacted by similar problems," said OMB's Kevelighan.

He attributed the quick response to safeguards set up throughout the government after the Veterans Affairs Department problems last year.