Jeb Bush commits major security blunder exposing volumes of PII

Share:

jeb bush forming pacPresidential hopeful wanted to showcase transparency, but mistakenly exposed personally identifiable information (PII), including names and Social Security Numbers in email dump.

Jeb Bush may make a presidential run in 2016, but the Republican politician has already make a glaring faux pas, ironically compromising the privacy of some his supporters and critics alike in a blundered attempt at transparency.

Bush decided to publish in Personal Storage Table (.PST) format thousands of emails he received during his eight years as the governor of Florida between 1999 and 2007. The published emails had been received by his official gubernatorial account, jeb@jeb.org.

What began as ostensibly well intentioned attempt to showcase his open door policy went astray when visitors discovered that the published data trove contained unredacted names, email addresses, physical mailing addresses, phone numbers, and even Social Security numbers.

“In the spirit of transparency, I am posting the emails of my governorship here,” Bush recently wrote on his official website. “Some are funny; some are serious; some I wrote in frustration.” Of course, Florida has rather liberal freedom of information laws, so the emails would likely have been released anyway. However, typically such releases redacted certain details like full mailing addresses or SSNs before they make their way to the public. The former governor’s proactive publication had no such redactions.

Bush reportedly spent up to 30 hours per week reading and responding to emails, hoping to provide a more personal touch to Florida residents. The posted emails were compiled by his political action committee (PAC) American Bridge. It was a noble effort, but Bush is facing a bit of a public relations issue following the data dump that showed very little care in protecting privacy. The so-called “eGovernor” was made aware of personal information being included after the fact, and the data was removed from his website.

The Verge

Share: