The National Security Agency (NSA) is under fire after a disclosure that the agency is in the process of destroying hundreds of millions of phone records it was not legally allowed to have. The purged records had been gathered from American telecommunications companies since 2015 through a system the agency created under the USA Freedom Act. According to reports, the agency collected 151 million call-detail records in 2016 and 534 million in 2017.

During an audit of its files, the NSA reportedly found “technical irregularities” in its collection of call record details. These records show who called or texted whom and when, but not details of the communications. The records are used by the agency to analyze social links between people suspected of terroristic activities.

The NSA did not explain what technical irregularities caused the problem, simply calling them complex. The glitches apparently caused unspecified telecom providers to provide erroneous information in response to the agency’s requests for information. The result was that the agency’s database was contaminated with millions of files it had no authority to receive. Because of the high number of potentially illegal records in the database, the agency decided to purge all of them instead of trying to identify and selectively delete them.

The agency released a statement that it worked with the telecommunications companies to figure out the problem and was satisfied that it was fixed going forward. An agency spokesman, Chris Augustine, said the problem did not result in any collection of location records from cellphone towers. The statement also said that the agency had separately “reviewed and revalidated its intelligence reporting to ensure that the reports were based on properly received” data. The agency declined to assign blame for the issue.

The disclosure of the incident caused an uproar. In a statement, Senator Ron Wyden, Democrat of Oregon and member of the Senate Intelligence Committee, placed the blame on the telecom companies, saying, “This incident shows these companies acted with unacceptable carelessness, and failed to comply with the law when they shared customers’ sensitive data with the government.” Privacy and civil rights advocates also raised concerns about the data collection, saying that the public has a right to know more about the cause and scope of the problem.