DENVER A Colorado sheriffs online database mistakenly revealed the identities of confidential drug informants and listed phone numbers, addresses and Social Security numbers of suspects, victims and others interviewed during criminal investigations, authorities said.
The breach potentially affects about 200,000 people, and Mesa County sheriffs deputies have been sifting through the database to determine who, if anyone, is in jeopardy.
That in itself is probably the biggest concern we have because were talking about peoples personal safety, Sheriff Stan Hilkey said.
The FBI and Google Inc. are trying to determine who accessed the database, the sheriff said. Their concern: That someone may have copied it and could post it, WikiLeaks-style, on the Internet.
The truth is, once its been out there and on the Internet and copied, youre never going to regain total control, Hilkey said.
Thousands of pages of confidential information were vulnerable from April until Nov. 24, when someone notified authorities after finding their name on the Internet. Officials said the database was accessed from within the United States, as well as outside the country, before it was removed from the server.
The information was so stunning that Jay Seaton, publisher of The (Grand Junction) Daily Sentinel, thought it was obtained illegally.
A source provided the western Colorado newspaper with a computer disk shortly after Thanksgiving. The paper first published details of the leak but not its contents.
We got that disk returned to the proper authorities, he said. As a general rule, I dont mind taking some risks. But in something like this, where you can actually get people killed, Im out.
The disks contents were legally gleaned from a sheriffs department database. In April, a Mesa County information technology employee moved the database into what the employee believed was a secure server, county spokeswoman Jessica Peterson said.
The information sat there as a large text file. It was first accessed by an outside computer on Oct. 30. Other computers accessed the information over the next 25 days.
Hilkey declined to provide other details. But he surmised that a Google Web crawler that can be programed to troll the Internet for specific sets of information, such as nine-digit numbers that can be Social Security numbers, found the server.
Somebody who sets up that kind of Web crawler to search for that kind of information probably doesnt have good intentions, the sheriff said.
The employee who transferred the files no longer works for the county. Peterson declined to say whether the file transfer led to the employees departure. A Google spokesperson didnt immediately return calls for comment.
The information included data about Mesa County employees, information from the nearby Fruita and Palisade police departments and possibly information from the U.S. Drug Enforcement Administration and Grand Junction police.