Russ McBee

Apparently, an online database maintained by the USDA and the Census Bureau accidentally revealed as many as 150,000 Social Security numbers to anyone searching the site. A bored farmer decided to Google herself and stumbled upon 30,000 SSNs in the process. This wasn't a case of data being stolen, or hacked, or left behind on a laptop in a taxi. This was simply data that was not secured in the first place.

Oops.

Of course, the Feds are on top of it:

While there was no evidence to indicate whether anyone had in fact used the information improperly, officials at the Agriculture Department and the Census Bureau removed the Social Security numbers from the Census Web site last week.

Officials at the Agriculture Department said Social Security numbers were included in the public database because doing so was the common practice years ago when the database was first created, before online identity theft was as well-known a threat as it is today.

[...]

Terri Teuber, a department spokeswoman, said the agency was notifying people whose Social Security numbers were disclosed on the site. She said the agency was also planning to contract with a company to monitor the credit reports of all the affected individuals, at an estimated cost of about $4 million.

Obviously, there's no way to tell if the data has been misused, but I think it's probably a safe bet to assume those SSNs have been compromised. The problem lies in the fact that SSNs were used as a personal identifier at all; I know it's been a common practice to use SSNs in many contexts unrelated to Social Security, but the practice should have never started in the first place. When I was an undergraduate at UTK back in the late 12th century, they used SSNs as student ID numbers; hardly anyone raised much of a stink about it at the time (except me). UTK doesn't use SSNs any more, but lots of other places still do.

Lax security practices such as this are reason #1 why SSNs should never be divulged unless it's directly related to Social Security.