That said, the USDA admits that there are still 63,000 people who were exposed, an act for which the USDA says it is very sorry.
In an attempt to provide some kind of compensatory action, the USDA is offering those affected the use of “free credit monitoring services”, although it is questionable whether this is really enough.
The Washington Post and UPI have reported Terri Teuber, a spokesperson for the US Dept of Agriculture, as saying: “We take full responsibility for this and offer no excuses for it. We absolutely do not think it was appropriate.”
Also reported were the comments of Gary Bass, executive director of OMB Watch, who said that: “The bottom line is the government screwed up. What’s really important is that they now try to rectify the problem. Thousands of research groups have copies of this site.”
The data breach was reportedly spotted by an Illinois farmer who was searching the Internet and came across the massive data leak on April 13. The data was not immediately removed, nor was the public informed, because it reportedly took time for the information to be fully wiped, both from the USDA website and from online search engine caches and mirror sites.
The whole episode really is a massive wake-up call for any company, government organization or individual maintaining databases, especially ones that are searchable on the Internet, whether a password is required for access or not.
The USDA says that the 63,000 people affected were “awarded funds through the Farm Service Agency (FSA) or USDA Rural Development (RD)”. The programs cover many different types of loans and grants, and so, as you can imagine, much private and sensitive personal and company data and other financial information was at risk and could easily have been stolen by anyone who wanted it.
Naturally, the USDA says that they removed the information as soon as they were aware of the “potential exposure”. They also say that “There is no evidence that this information has been misused”, although how could they possibly know at this stage?
The USDA does try to cover itself somewhat by saying that: “However, due to the potential that this information was downloaded prior to being removed, USDA will provide the additional monitoring service”.
How many other companies are exposing our private data? Once again, it’s a massive wake-up call for any company maintaining a database. Something similar could happen to you, whether by accident, through a badly configured database and web interface, through malicious action by an employee, or more.