Frauds, Fakes, Or Fabulous
Dec 5, 2008 7:27 pm US/Eastern
Thousands Of Fla. Social Security Numbers Exposed
MIAMI (CBS4) ―
A quarter of a million names and social security numbers for Floridians have been put at risk, with a website exposing these victims' information to the world.
CBS4 News has been working on this story since October, and Thursday night we found out that major changes are being made to make sure this doesn't happen again.
CBS4's David Sutta was able to get an exclusive interview with a victim and the man responsible for blowing the whistle on the state website at the center of the mess.
"This is by far the largest breach I have ever come across," said Aaron Titus, of
ssnbreach.org.
Titus has come across many. He has a full time job, is a law school student, and a father of three with another one on the way. In his spare time he operates ssnbreach.org, a non-profit that finds websites that expose social security numbers.
He stumbled upon this two months ago: 17,000 files posted on the Internet by
Florida's Agency for Workforce Innovation.
"I used Google during a class when my professor was babbling on about something boring," said Titus. "I hopped online and searched for things like social security number and this was one of the hits."
The files listed the names and social security numbers of more than 250 thousand people from across Florida.
"Carmen Flores lives in this region, and here is her social security number," said Titus, as he showed
CBS4's David Sutta the list.
"Basically anybody that has applied for a job through this government program since about 2002, appears to have their social security number up online available to the public."
Abraham Teller is one of the 250,000 victims. Handicapped, and out of work, Teller asked the agency for help in 2005.
"I asked for help and this one of the very few things I got," said Teller. "I guess I kind of feel let down. I could never imagine that something like this could happen. If I guess you buy something online there is a chance you know, but here that's pretty scary."
What perhaps is even scarier is how hard it was to tell the state of Florida about the breach.
Titus got transferred to voicemail by the secretary at the agency.
"I would like to find out who I can email all the details to about this particular breach and how to solve it," he said on the phone.
"This is the third time that I've called them, and each time that I've called to let them know about this major breach, each of these times I've been sent to voicemail or dropped."
It took a few weeks, but Titus finally made it through. The 17,000 files were pulled down from popular search engines. Thursday morning the Agency for Workforce Innovation went public. Monesia Brown, the director, did not credit Titus for exposing the breach.
"We were notified by one of our sister agency that there was information out there on the web that should be confidential," said Brown.
The agency is actually downplaying what could be one of the largest data breaches in Florida history.
In a press release they stated they have, "…no reason to believe any personal information has been accessed for unlawful purposes."
It's a goldmine for anyone who wanted to commit identity theft," said Titus. "When you throw information to the internet, you throw it to the internet winds, and even once you delete it, there is no way to get it back."
During our investigation we learned the information made it on the internet through a test server exposed to anyone in the world for three weeks. To date, no one has been held responsible.
Titus just wants to see some "heads roll to begin with", and then says we need to review the way personal information is treated.
Whether any of that happens remains to be seen.
For now, the 250,000 people exposed by the state will be receiving a letter in the mail apologizing for what happened. It will, however, be tough to track most of these people down.
To check if your name has been exposed, you can check out Titus's website:
http://www.nationalidwatch.org/
(© MMIX, CBS Broadcasting Inc. All Rights Reserved.)
Real Or Fake?
Click to enlarge
Stumble It!
