Personal Tech Pipeline | Justice Department Reveals Social Security Numbers

White Papers

Sponsor Resources

Free Newsletter GlossaryContact UsAbout Us
Players & CamsPhones & PDAsHome & AutoOnline

December 23, 2005

Justice Department Reveals Social Security Numbers

Courtesy of InformationWeek

The federal government is responsible for issuing Social Security numbers, but it may not be doing enough to protect these critically personal pieces of information on its own Web sites. Acting on a tip, InformationWeek was able to access Web pages that include the names and Social Security numbers of people involved in Justice Department-related legal actions. It's a discomforting discovery at a time when identity theft and fraud are on the rise.

One document on the Justice Department Executive Office for Immigration Review's site listed the name and Social Security number of a woman involved in a 2003 immigration-review case. Another document from 2002 listed the name and Social Security number of a man who was being prosecuted for committing insurance fraud. Other searches of the Justice Department's site yielded more Social Security numbers and identifying information.

When contacted on Dec. 20 about the presence of a 2003 document revealing personally identifying information, a spokesman for the Justice Department's Executive Office for Immigration Review noted that his division is governed by the department's overall privacy rules, the Privacy Act, and the Freedom of Information Act. He acknowledged that the woman's Social Security number displayed in the immigration-review case shouldn't be available to the general public, would be removed from the site, and that the woman in question would be notified that her number had been published.

A search Friday on the Justice Department's Web site for the woman's name indicated that the document had been blocked from public view. However, Google and Yahoo searches returned a hyperlink to her PDF court document. The PDF is now blocked when clicking on this link, but the information can still be obtained by clicking on the "text version" of the link.

But according to an InformationWeek source, the Justice Department had been notified of the error more than a month ago. The source, a systems security manager at a California bank, said he saw the information on the site and sent an E-mail on Nov. 12 alerting the Justice Department. The security manager followed up with the Justice Department via E-mail on Dec. 4 and was notified on Dec. 6 by the site's Web master that his E-mail had been forwarded to the "responsible component within the Department." The systems security manager contacted InformationWeek on Dec. 19 when he noticed that the person's name and Social Security number still could be found on the Justice Department's Web site.

In the nearly 70 years that the U.S. government has been issuing Social Security numbers, their use has grown from being strictly for government record-keeping to becoming attached to nearly every important document in a person's life, including bank accounts, medical records, and employment files. The growing use of computers to store all of this information has led to a new era of electronic identity theft, with Social Security numbers being of particular value for cybercriminals.

More than 51 million Americans have had their personal information compromised since February 2005 through a variety of means, including software programs that monitor keystrokes to acquire passwords, phishing, and low-tech techniques such as eavesdropping and dumpster diving, according to the Privacy Rights Clearinghouse, a nonprofit consumer watchdog organization.

The Justice Department, meanwhile, touts its efforts to crack down on identity theft and identity fraud through the 1998 Identity Theft and Assumption Deterrence Act, which prohibits using or transferring another person's identifying information with the intent to commit, or aid or abet, any unlawful activity. The law, in most circumstances, carries a maximum prison term of 15 years.

Recognizing the threat to public well-being, not to mention the proliferation of E-commerce and E-government, government has stepped up its efforts to penalize companies that are criminal or careless with personal information. Since March 2005, more than 20 states have enacted legal requirements for notifying the public regarding security breaches involving personal information.

But the government's role in protecting its citizens from identity theft and fraud is likely to get murky in 2006. Bills in both the House and Senate would impose a less-stringent standard for notification and pre-empt state laws. While identity-theft notification standards differ from state to state, one of the federal bills in play would require agencies and persons in possession of computerized data containing sensitive personal information to disclose security breaches only when such a breach poses a significant risk of identity theft.

Yet the availability of Social Security numbers on one of its own Web sites indicates the federal government may need to pay closer attention to its own adherence to identity-theft prevention.

E-mail This Story
Print This Story
Reprint This Story

More Information

Get the latest Personal Tech news, product info, and trends every week.

Related Content

  Right-click and choose Copy to extract RSS Feed URL  Personal Tech Pipeline's Main RSS Feed
  Right-click and choose Copy to extract RSS Feed URL  Personal Tech Pipeline's Blog RSS Feed

<A HREF=";FlightID=43527&amp;AdID=86369&amp;TargetID=3743&amp;Segments=1411,1892,3108,3448,4526,4760&amp;Targets=1491,2625,2878,3743&amp;Values=34,46,51,63,77,85,90,100,140,222,227,399,442,645,646,659,1184,1405,1431,1785,1798,1901,1925,1945,2217,2299,2310,2329,2352,2678,2787,2862,2956,3235,3260,3347,3385&amp;RawValues=&amp;Redirect=" target="_top"><IMG SRC="" WIDTH=300 HEIGHT=250 BORDER=0></A>

Keeping Up To Date On Enterprise Server Tech?
Review our compilation of columns on server security, database software, and Linux issues.
Unleash the Power & Opportunity of Grid Computing
Experts will identify trends in grid computing, provide
examples and examine solution options.
Using Current Performance to Shape
Future Results

Hear new strategies for improving business
performance and results.

Editor's Picks

Well, Microsoft has "unfolded" its "Origami" ultra-mobile PC platform Thursday. It turned out to be a full-featured PC smaller than a tablet but bigger than a PDA. Are you impressed?
Yes! I want one!
Sort of. We'll see.
No! It's too big for a pocket and too small for real computing. What's the point?

In search of personal tech products? See our new Product Finder, where you'll find personal computing devices, communications solutions, security products, and more.

Trend Micro Enterprise Anti-Spyware Solutions
"Trend Micro is delivering what enterprise customers want." -The Forrester WAVE/Enterprise Anti-Spyware, Q1 2006/Forrester 2006. Download a FREE 30-day trial of Trend Micro Anti-Spyware Solutions for Enterprise Today.

Prevent Information Leaks from your Network
With GTB Inspector Appliance. Free Trial (March 2006 only). GTB Inspector is a hardware appliance. It is installed easily and transparently on the network edge and prevents leaks of confidential information to the Internet.

Cost-Effectively Secure Sensitive Data
Encrypting data in servers and databases can address security gaps and privacy legislation. Ingrian DataSecure Platforms offer granular encryption, seamless integration, and centralized security management. Combat data theft--with unprecedented ease and cost effectiveness. Download a white paper that outlines best practices for securing data.

Symantec Backup Solutions
Desktop to Data Center Protection. Explore the Official Symantec Site.

SEC & HIPAA IM Compliance
Satisfy regulatory and compliance requirements for instant messaging.

Buy a Link Now

Top ten search terms from the TechWeb TechEncyclopedia
How does your pay rate? Check the InformationWeek Salary Survey
Mobilized Solutions Guide: Find and compare solutions for your business
Top Requested White Paper Categories from TechWeb White paper Library
Top ten search terms from the TechWeb TechEncyclopedia