The government has mailed out letters to AmeriCorps participants and applicants informing them that personal information may have been breached due to flaws in the program's website, federal officials announced on Friday. The security weaknesses date back to 2006, they said.
Each year, the federal AmeriCorps program offers more than 70,000 citizens opportunities to volunteer at government agencies, nonprofits and other community organizations.
"To ensure the highest degree of care and caution, [the Corporation for National and Community Service] is notifying all AmeriCorps applicants and participants with records in the portal system and providing them a full range of support services, including membership in a credit monitoring and identity theft insurance program," corporation officials stated. The corporation, the nation's largest grant-making body for public service initiatives, runs AmeriCorps.
In order for personal data to have been exposed, someone would have had to manipulate the website address -- or know the individual's unique log-in name and use a certain technique to bypass password requirements, the letter said. The records may have shown names, addresses and social security numbers.
The letter stated, "We apologize for this incident and any inconvenience that it may cause you. We are working diligently to strengthen and ensure the security of our computer systems. Please know that we value the trust you have placed in us and your commitment to national service."
The government has since fixed the security flaws, according to the corporation.
Officials added that a systems security engineer will supervise an ongoing process to update the corporation's IT systems and will test to guard against future vulnerabilities.