Nice feature on VA site: "Expose My Data"

General Assembly site's "Who's My Legislator?" page collected user data. But - surprise - it also exposed data to Google search engine.
Written by Richard Koman, Contributor

A computer system at the Virginia General Assembly released personal information on as many as 32,000 people to the Internet, The Richmond Times-Dispatch reports.

With the names, addresses, phone numbers and e-mail addresses exposed, Google's spiders picked them up and added them to the search engine index.

"They left the door open [and] made those files retrievable by Google's automatic file retrieval engine," William E. Wilson, director of the Division of Legislative Automated Systems said.

The data was collected from the General Assembly's "Who's My Legislator?" page, in which users are invited to fill out a form about themselves in order to identify their legislator.

"We became aware on [February] 12th that these names and addresses were out in Google," Wilson said. "Google sweeps through and any server that is open to having files picked and carried away by Google was picked up and carried away."

"Not to minimize it," Wilson said, "it's phonebook kind of information."

The breach was identified by former state IT official Charles Hague, who found on Google a "Who's My Legislator" page with his own information on it.

Editorial standards