What is a metadata blunder? Metadata blunders are the inadvertent leaking of hidden and potentially sensitive data that resides inside every document that we create. These blunders can take many forms, some are due to pure human error, some are holes in security, and others leave a trail behind that play out as a real life ‘Catch me if you can’!

Metadata Blunder #1: Telecoms blunder – May 2013

Two telecom firms branded journalists for Scripps News "hackers" after they found the personal identifiable data of over 170,000 customers stored on an unsecure and publicly accessible server. The data consisted of records of applicants for a subsidised mobile phone programme specifically for low-income customers. The telecoms companies were explicitly directed under the regulations of the Federal Communications Commission's initiative not to keep this data. However, it was kept on the company servers and posted to an open file sharing area, being indexed by Google's search engine in the process, making it easily searchable.

Metadata Blunder #2: Global Bank – July 2013

150,000 customers who went into bankruptcy between 2007 and 2011 had their personal information, including social security numbers, exposed after the bank failed to properly redact court records before they were put on the Public Access to Court Electronic Records system.

Metadata Blunder #3: London Borough Council – September 2013

After a freedom of information request, the Council published metadata online related to 2,375 residents that was highly sensitive and hidden in an Excel document. The hidden data remained on the site for over two weeks before an external admin removed it. This metadata leak cost them £70,000 in fines. In a separate incident, 140 residents’ addresses were released in an email about the council’s Resident Improvement Taskforce. 

Metadata Blunder #4: Broadcaster, Australia – November 2013

The salaries of broadcasters were inadvertently leaked in response to a freedom of information request by a South Australian MP. These revealed major disparities between pay packets. In one instance, a female presenter earned $235,664, while her male co-host earned $84,000 less, making $151,006. This metadata blunder upset many and led to petitions by employees for more pay in line with their colleagues. 

Metadata Blunder #5: The Great online Heist - December 2013

Sheep Marketplace, an online anonymous marketplace, closed down last weekend after someone stole 96,000 digital coins – worth roughly £60m in tradable value. However the users who have had their coins stolen know their way around, and they are chasing them across the internet, with the live manhunt unfolding on reddit. When the thief stole the coins, they left metadata about where they were transferring them behind, and this is what is being used to track them, and the coins, down. By not minding their metadata, it could lead to their discovery, and prove to be the biggest metadata blunder of 2013.

To avoid experiencing your own metadata blunders, register for our upcoming ‘Metadata: The Hidden Menace’ Webinar.

C.Irving1