U.S. Agency Acknowledges Data Breach
The issue was first discovered April 13 by a user of FedSpending.org, OMB Watch's online service about federal spending, which includes a government database that contained the personally identifiable information, said OMB Watch Executive Director Gary Bass. OMB Watch monitors the White House's Office of Management and Budget.
The data in question appears in the Federal Assistance Award Data System (FAADS), a government database of all federally provided financial assistance (not including procurement), according to OMB Watch. FedSpending.org makes FAADS and publicly available data about government contracts accessible to the public in a searchable format in order to focus attention on government spending patterns. The group created the site last year to provide public access to government contracts and grants in a searchable database, according to the statement.
Users can search the information by company or by individual names to see who receives federal money, OMB Watch said.
Bass said the original FAADS files have been freely available for anyone to download from the U.S. Census Bureau's website for years, and it appears the database containing personally identifiable information has been widely distributed for a long time.
"The data field at the heart of the security problem, the Federal Award ID, is vitally important to investigators and researchers tracking specific transactions, as it is the only means for identifying a specific loan or grant," Bass said in the statement. "For example, in order to file a Freedom of Information request about a financial transaction, the public needs to provide the Federal Award ID [which includes Social Security numbers]. Unfortunately, in response to the problem, the Census Bureau has deleted the Federal Award IDs for all FAADS records from its publicly downloadable files without any public notice about these changes and has yet to replace the information, eviscerating a key aspect of the data and lessening its value."
"Conceivably this could affect 100,000 people," Bass said. "What is harder [to determine] is how far this goes back. It could be decades. It's just that this is the first time it has been easily accessible to the public on the Web."
"It is truly astonishing that this has been happening," he said.
A spokeswoman for the USDA said the agency takes full responsibility for including users' Social Security numbers in the Federal Award ID number. In a statement, the agency said it removed information from the FAADS database immediately after it learned of the potential exposure.



