Former Florida governor, and likely US presidential candidate, Jeb Bush is taking heat after he published online a massive dump of email correspondence – which included highly personal records detailing the affairs of his constituents.
JebEmails.com was set up by Team Bush to provide "transparency" into his eight-year stint at the helm of the sunshine state: messages sent and received by him during his term have been collected together and, on Tuesday, uploaded to the website for all to see.
Jeb, who is the brother of ex-President George W. Bush, had written an ebook based on his exchanges with citizens, and wanted to show off his source material to the world. Well, now all that's backfired.
It appears nobody bothered to check whether the JebEmails archives contained sensitive data before the files were uploaded. The 4GB archive was soon found to contain emails in which citizens, looking for help from their governor, had handed over various personal details to Bush.
All the messages dumped on the site included the name and email address of the sender. In many cases, a personal or business phone number is included, and in some cases even more data was leaked, we're told.
Computer security researchers say they were able to spot pages of emails featuring social security numbers, dates of births, and other information you'd rather not dangle in front of identity thieves as plaintext.
Emails seen by The Register have featured cell and landline phone numbers, home addresses, email addresses, social security numbers, and messages of a rather personal nature – from pleas for help in a probation case to parents with specific concerns about their children's health and education.
Individual messages – such as this one – have now been redacted, and the Outlook downloads have been removed from the site, leaving the following warning:
This [website] previously included raw .PST data files provided by the Florida Department of State. We were informed that some personal information was available in the raw data so we removed these files. Please contact the Florida Department of State with any questions or public records request. You may still read these emails on the email calendar link, where we have redacted personal information we have been able to locate.
Some people, such as University of North Carolina research scientist Kam Woods, were quick to scan through the files while they remained available:
Ran a few tools over the Jeb Bush emails. And...yeah. Pages of SSNs, DOBs, CCNs in the output. pic.twitter.com/7CxpWlHDUM— kamwoods (@kamwoods) February 10, 2015
To be fair, Bush is allowed to reveal his correspondence: a governor's email exchanges while he is in office are considered to be on the public record and could be viewed by citizens and press with a Freedom of Information Act request.
Such requests, however, can be, and are frequently, redacted to scrub away personal or potentially sensitive information before they are released.
Jeb is among the Republican favorites in the run-up to the 2016 presidential primary elections. The blunder is therefore embarrassing for Bush. For the Floridians who were just inadvertently doxxed, however, the Bush dump could prove even more damaging. ®
Jeb Bush's social media guru Ethan Czahor, hired to help the ex-governor mount a possible bid for the White House, has quit a day into the job – after offensive tweets were dug up from his Twitter timeline and revealed online.