Nevada residents applying to sell medical marijuana got just got an unpleasant surprise. The state's Department of Health and Human Services has confirmed that a vulnerability in a website portal leaked the data of more than 11,700 applicants, including their driver's license and social security numbers. Officials have taken down the relevant site until they fix the flaw, but there's a concern that fraudsters might have seen the info and used it for malicious purposes.
The scale of the leak might be modest. A spokesperson tells ZDNet that the data represented just a "portion" of one data base among several. And when Nevada voted to legalize medical marijuana in 2000, it's possible that some of the information is outdated. Even so, this underscores a common problem with government data: frequently, agencies are their own worst enemies thanks to avoidable security holes and imperfect policies.