Tech

Glitch in FOIAonline.gov reveals personally identifiable information

A glitch in the government's central Freedom of Information Act (FOIA) portal FOIAonline.gov caused "dozens, if not hundreds" of social security numbers to be revealed.

By Tajha Chappellet-Lanier

September 4, 2018

(Getty Images)

A glitch in the government’s central Freedom of Information Act (FOIA) portal FOIAonline.gov caused “dozens, if not hundreds” of social security numbers to be revealed, CNN reported.

Worse, the government didn’t notice the issue until CNN pointed it out.

It happened, according to CNN, when the FOIAonline.gov site updated from its 2.0 version to the new 3.0 version at the beginning of July. In the days following that update, visitors to the website who used the “search requests” function got more than they bargained for. Generally, this function allows users to see what has been requested, by whom and, sometimes, what has been provided. It generally does not include personally identifiable information.

“After a tip from a source who had noticed the glitch, with two quick searches, CNN discovered that the government had published at least 80 full or partial Social Security numbers,” the story reads. “There were other instances of sensitive personal information, including dates of birth, immigrant identification numbers, addresses and contact details.”

FOIAonline.gov is designed to be a single entry point for FOIA requests. It’s used by a number of agencies, including the General Services Administration, the Environmental Protection Agency, the Department of Commerce and more. The Environmental Protection Agency provides the IT resources necessary to maintain the website.

Once aware of the glitch, the EPA tried to re-mask much of the sensitive information. However, given that the choice about what information should truly be made public lies with individual agencies, the EPA informed all the agencies that use FOIAonline.gov about the issue on Thursday.

“After our fix… some names and addresses still do appear in publicly available FOIAonline records,” the EPA wrote in an email to agencies. “It is requested that partner agencies review publicly viewable information to ensure that any personal information is specifically intended to be presented as such.”

Glitch in FOIAonline.gov reveals personally identifiable information

More Like This

ICE pursuing privacy approvals related to controversial phone location data

House Modernization panel advances bill to improve CRS’s data access in first-ever markup

Tech issues are part of the problem — and solution — for FOIA backlog, GAO finds

Top Stories

State Department encouraging workers to use ChatGPT

Congressional panel outlines five guardrails for AI use in House

Federal CIO calls on Congress to fund Technology Modernization Fund

With 2023 tax season in the rearview, IRS commissioner eyes expansion of AI capabilities

CMS’s financial office is using LLM pilot to combat loss of institutional knowledge

Top public sector takeaways from Google Cloud Next 2024

Commerce requests information about AI, open data assets, data dissemination

Commerce adds five members to AI Safety Institute leadership

More Scoops

On some basic metadata practices, US government gets an ‘F,’ per new online tracker

How risky is ChatGPT? Depends which federal agency you ask

CGI lands multi-year EPA contract on IT enterprise development

Some agencies fall behind on FOIA.gov interoperability requirements

Deficiencies in EPA’s radiation data system pose ‘significant risk to public health,’ watchdog says

Department of Energy appoints Brian Epley as principal deputy CIO

EPA awards $661.6M digital modernization and managed services contract to GDIT

Latest Podcasts

Glitch in FOIAonline.gov reveals personally identifiable information

AI Week 2024 has Come and Gone

Darryl Peek on Elastic’s role in enhancing public sector search and data analytics with AI and Google collaboration

Danny Werfel on How Automation has Enhanced his Agency’s Operations.

Tech

Defense

Cyber

Acquisition