Department Of Agriculture Exposes Over 60,000 Social Security Numbers, Identity Thieves Reap Record Harvest

A database used by the Department of Agriculture for twenty-six years may have compromised the social security numbers of over 60,000 farmers. The breach was discovered after a bored Illinois farmer googled the name of his farm.

The database is more than two decades old and is used by federal and state agencies, researchers, journalists and private citizens to track government spending. Thousands of copies of the database exist.

The database was used by the Farm Service Agency and USDA Rural Development. The Department is notifying affected individuals by mail, and will provide them with free credit monitoring for one year. If you want more information, but don’t want to wait for a letter, lay down your plowshares and pruning hooks and call the USDA incident hotline at (800) FED-INFO (333-4636). — CAREY GREENBERG-BERGER

U.S. Database Exposed Social Security Numbers [NYT]
(Photo: g-hat)


Edit Your Comment

  1. timmus says:

    Free credit monitoring for ONE year?

  2. superlayne says:

    Don’t. Put. Social. Security. Numbers. ANYWHERE. on. the. Internet. AT ALL.


    NOTHING on the Internet is entirely secure! Everything is a 12 year old away from being hacked and thrown to the masses.

  3. rbcat says:

    If anybody thinks “heck, this can’t apply to me,” think again. I have two Farm Trailer plates issued by Texas, and I get surveys every year from Ag on the state of my farm (really a 5ac plot in E.Tx.). Turns out I may very well be in this database just because of these stupid surveys and because Texas used to copy the entire plate record (including SSN) back when I got these plates. They’ve stopped including the SSN (collect it for “child support enforcement”), but hey, released once means released forever…

  4. Dude. Sweet headline Carey!

  5. Hoss says:

    Could have been Oliver Wendall Douglas’ big case…

  6. ChrisAllison says:

    While the stereotype of the American farmer may be that of a dude in John Deere cap and blue jeans, in this case, you got the gender wrong.

    The farmer who discovered the breach – Fairmount Illinois’ Mohr Family Farms’ president Marsha Bergmeier – did so by googling the name of her farm. (As reported by both NPR and your own linked-to NYTimes article.)

  7. Kryndis says:

    This standard one year of credit monitoring deal that companies keep tossing out is crap. Everyone knows that to be truly safe these people are going to have to pay for credit monitoring for the rest of their lives. Has anyone tried suing any of the companies/agencies responsible for these huge security breaches for the cost of lifetime credit monitoring (not to mention the costs incurred for fixing any credit problems caused by the lax security)?

    If not, I’m betting it’s only a matter of time and I sure hope a precedent is set that will make these little “accidents” a whole hell of a lot more expensive. Maybe then they’ll stop happening quite so often.

  8. TSS says:

    I’m not just angry at the government, I really angry at these credit bureaus, too. They don’t do a damn thing to help people who are victims. They just say, “Oh sign up for our plan – it’s $15/month.” I never gave them the authority to collect my information, but they do it. And they make a lot of money off of it. I think they must start accepting some of the responsibility for helping victims of identity theft.

  9. shdwsclan says:

    If anything, they should offer credit monitoring for 1 decade and pay any fees that result in identity theft.

    Thats what happens when you hire programmers just from ANY university….

    Only a few universities offer classes/class sets that issue data security certifications on databases, which means they know how to work with sensitive data. Sure, you can get a degree anywhere, but the 4-600 level classes are not always the same.

    Also, programmers with such certifications cost more, obviously.

    In the end this is the difference between a
    secure database and a database that is exposed where webcrawlers can just get at them.