Data breach discovered on Dept of Agriculture website

3 Oct 2008

A flaw has been discovered on the Department of Agriculture & Food website that exposes details, addresses and amounts given to beneficiaries of EU Common Agriculture Policy (CAP) payments.

The details relate to hundreds of Irish farmers who would have been beneficiaries of schemes such as the Rural Environment Protection Scheme, the Compensatory Allowances in Less Favoured Areas Scheme and the Early Retirement Scheme. In the New Year it will be expanded to include the Farm Improvement and the Young Farmer’s Installation Aid Scheme.

According to a security expert who wished to be unnamed, the database on the Department of Agriculture website can be searched on an individual basis, and only farmers who have received over €30,000 will have their amounts published.

On first perusal, it is impossible to get this information. However, by going to internet options in the browser settings, disabling the ‘active scripting’ and then refreshing the browser, entire lists of people in counties starting with first name, surname, municipality and the financial amount given up to €5,000, for example, can be revealed.

For example details can be retrieved of a farmer in Cavan who received €4,319.55, a farmer in Kildare who received €2,481.26, a farmer in Meath who received €3,702.15 or a farmer in Cork who received €4,063.26.

Other amounts in the €10,000 to €20,000 range have also been exposed such as a farmer in Kerry who received €12,900.53 from the schemes, and in the higher €20,000 to €30,000, details of farmers countrywide can also be viewed.

Further details of each record, outlining which schemes each farmer benefited from, can be clicked on.

At a time when government departments are getting serious flack over losing laptops and PDAs, this is a security hole that will need to be fixed as soon as possible.

A spokesman for the Department of Agriculture confirmed to siliconrepublic.comthat he was unaware such a breach was possible and is investigating the matter.

The availability of the information could pose a security threat to farmers in rural areas, as it reveals both financial amounts received and their location.

By John Kennedy

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years