A federal government transparency website made Social Security numbers and other personal information public because of a design error during a system upgrade.
Individuals’ sensitive personal information was available on the public-facing database unbeknownst to them or the government.
CNN discovered that the government had published at least 80 full or partial Social Security numbers.
There were other instances of sensitive personal information, including dates of birth, immigrant identification numbers, addresses and contact details.
The glitch also exposed other sensitive information about individuals.
In one instance, a victim of a violent crime seeking information about the case described the crime.
In others, victims of identity fraud seeking more information about their cases had their Social Security numbers exposed in the process.
A design bug also revealed information about the requester with no safeguards for personally identifiable information.
The problem was with the feature that allowed anyone to search existing FOIA requests.
Source: https://edition.cnn.com/2018/09/03/politics/foia-revealed-social-security-numbers/index.html
TPRM report: https://scoringcyber.rankiteo.com/company/state-of-washington
"id": "sta41811122",
"linkid": "state-of-washington",
"type": "Data Leak",
"date": "09/2018",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Public Administration',
                        'name': 'Federal Government Transparency Website',
                        'type': 'Government'}],
 'attack_vector': 'Design Error',
 'data_breach': {'personally_identifiable_information': ['Social Security numbers',
                                                         'Dates of birth',
                                                         'Immigrant identification numbers',
                                                         'Addresses',
                                                         'Contact details'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Social Security numbers',
                                              'Dates of birth',
                                              'Immigrant identification numbers',
                                              'Addresses',
                                              'Contact details',
                                              'Information about violent crime victims',
                                              'Information about identity fraud victims']},
 'description': 'A federal government transparency website inadvertently made '
                'public Social Security numbers and other personal information '
                'due to a design error during a system upgrade.',
 'impact': {'data_compromised': ['Social Security numbers',
                                 'Dates of birth',
                                 'Immigrant identification numbers',
                                 'Addresses',
                                 'Contact details',
                                 'Information about violent crime victims',
                                 'Information about identity fraud victims'],
            'systems_affected': ['Public-facing database']},
 'post_incident_analysis': {'root_causes': 'Design bug in the FOIA request '
                                           'search feature'},
 'references': [{'source': 'CNN'}],
 'title': 'Data Exposure on Federal Government Transparency Website',
 'type': 'Data Exposure',
 'vulnerability_exploited': 'Design bug in the FOIA request search feature'}