When the House Jan. 6 committee wrapped up its work in recent weeks, it posted hundreds of records online, including interview transcripts, audio recordings and text messages.
Also buried in the massive cache was a spreadsheet with nearly 2,000 Social Security numbers associated with visitors to the White House in December 2020, including at least three members of Trump’s Cabinet, a few Republican governors and numerous Trump allies.
While the spreadsheet with the numbers was taken down Wednesday, the high-profile nature of the people whose data was exposed probably puts them at an “elevated risk” because the information would be especially useful to intelligence agencies, said James Lee, chief operating officer of the Identity Theft Resource Center, a nonprofit organization that advises victims of identity crimes and compromises.
Lee recommended that people listed follow common tips for victims of identity crimes, including freezing their credit, using a multi-factor authentication app for their online accounts and setting up credit and account monitoring.
Exposed individuals don’t appear to have been notified about the leak. The Government Publishing Office (GPO), which originally published the file, did not respond to a request for comment on whether it planned to notify people whose Social Security numbers were exposed.
“To my knowledge, we were not notified. The governor was not notified,” said Ian Fury, a spokesman for South Dakota Gov. Kristi L. Noem (R). Social Security numbers were listed alongside the names of Noem, her husband and her three children.
Many of those contacted by The Post declined to confirm whether their Social Security numbers matched the ones listed in the file, citing privacy concerns.
Representatives of Texas Gov. Greg Abbott (R), South Carolina Gov. Henry McMaster✓ (R) and former health and human services secretary Alex Azar, who were listed in the spreadsheet alongside Social Security numbers, declined to comment or did not respond to requests for comment.
“Whether it was a careless and sloppy handling of records or a deliberate disregard of decorum, either scenario is a perfunctory and callous display of government and a frightening reminder of the current state in Washington,” said former housing and urban development secretary Ben Carson, whose name was listed in the spreadsheet alongside a Social Security number. “President Reagan was a savant indeed — the nine most frightening words to hear are ‘I am from the government and here to help.’”
A former Jan. 6 committee aide, speaking on the condition of anonymity because they weren’t authorized to speak publicly, said that committee “records released publicly underwent a review process to redact personal details and other sensitive information.”
“Any release of such information was inadvertent,” the aide added.
A federal district court judge and a federal appeals court judge, at least a half-dozen people who testified before the Jan. 6 committee and a lawyer who represented another witness before the committee also appear to have had their Socials Security numbers exposed.
The Social Security numbers appeared as part of the White House visitor logs published by the committee. Many Social Security numbers in the logs were redacted, but around 1,900 of them were not. The numbers were buried several hundred rows down in the second tab of the spreadsheet, which represented visits to the White House on a day in December 2020.
The file appears to have been added to the GPO’s collection of Jan. 6 materials, which are available for download on its website, sometime this week. It’s not clear how many people had downloaded the spreadsheet by Wednesday, when the GPO removed it from its website shortly after The Post notified the agency of the numbers’ existence. GPO has since re-uploaded the spreadsheet with the Social Security numbers redacted.
There is now a bit of finger-pointing over whose responsibility it was to make sure personal data wasn’t exposed as part of the committee’s investigation into the attack on the Capitol on Jan. 6, 2021, by supporters of then-President Donald Trump.
GPO spokesman Gary Somerset said in a statement that the office “does not edit or alter materials provided by Congress for publication.” As a “temporary measure,” the GPO had removed the logs from its site while “our teammates scan other documents” for personally identifiable information, Somerset said.
The White House said in a letter last year that the committee agreed to accept the records — in redacted form — from the National Archives. In a Feb. 15, 2022, letter to Archivist of the United States David Ferriero, then-White House lawyer Dana Remus wrote that the Jan. 6 committee “agreed to accept production of these records with birth dates and social security numbers removed” in order to “ensure that personal privacy information is not inadvertently disclosed.”
The National Archives appeared to cast some blame on the Jan. 6 committee. The Archives’s public and media communications office told The Post in a statement that “while we took affirmative steps to redact personally identifiable information (PII), we did not expect that the Committee would publicly release records that still may have contained PII.”
The statement added that The Post’s request for comment “was the first we had heard of a potential inadvertent release of personally identifiable information” and that “we are assessing the situation and any necessary steps to address an inadvertent release.”
A spokesperson for Rep. Bennie G. Thompson (D-Miss.), who chaired the committee, did not provide comment. Former congressman Adam Kinzinger (R-Ill.), a member of the committee, said he wasn’t aware of the release of Social Security numbers and didn’t know how it happened.
“Obviously it’s something we’ll have to look into,” he said. “It’s unfortunate.”
In recent weeks, the Jan. 6 committee raced to complete its work, with minor errors appearing in the long-awaited report it released Dec. 22. It has published more than 200 deposition and interview transcripts, with many names redacted in those documents.
White House visitor logs were cited just three times in the committee’s final report, all in reference to a Dec. 21, 2020, meeting attended by House Republicans planning to object to the certification of the electoral college vote.
Trump had argued that the logs were subject to executive privilege, but Remus called that assertion “not justified” in her February 2022 letter.
Trump’s White House didn’t post any visitor logs online, a break from the Obama administration, which began posting logs in 2009. President Biden has continued that practice. Logs posted by Obama and Biden have omitted sensitive personal information such as Social Security numbers.