NEW YORK (CNNMoney.com) -- Google disclosed Friday that its Street View cars had mistakenly collected data about the Web sites users were visiting on open wireless Internet networks.
Alan Eustace, a senior executive in Google's engineering and research department, apologized for the mistake in a blog post and said the company is working with regulators to dispose of the data.
"We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake," Eustace wrote.
He said the company has stopped its Street View cars, which are used to gather information for Google's mapping service, from collecting WiFi data entirely.
Eustace also stressed that the data was only collected from networks that were not password protected, and that it was never used "in any Google products."
While the data were collected from networks that were not password-protected, Google would not have been able to access any encrypted data, such as bank account information, the company said.
Google (GOOG, Fortune 500) had previously said that its Street View cars only collected information that is publicly broadcast on WiFi networks, such as network names and router numbers. At the time, however, the company said the cars did not collect "payload data" sent over the network, which could include what Web sites people are visiting.
That disclosure, in a blog post on April 27, was in response to an inquiry from the German data protection authority.
On Friday, Google said the request from a German authority had prompted the company to conduct an internal investigation of "everything we have been collecting," according to Eustace.
"It's now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks," he said in his post.
The mistake stemmed from an experimental piece of software code, which sampled all categories of publicly broadcast WiFi data, that was inadvertently included in a program the cars began using in 2007 to collect other wireless data.
Eustace said "only fragments" of data were collected by the cars, which use equipment that automatically changes channels about five times a second.
Danny Sullivan, editor of industry blog Search Engine Land, said the cars would have only detected "snippets" of information, and that encrypted data would not have been compromised.
"There could be some incredibly sensitive data in there, and there could be some that means very little," he said.
Sullivan said he was not surprised that Google could have made such a mistake. "But it doesn't make it any more acceptable," he said, adding that the disclosure comes at an inopportune time for the company.
"This is a really bad thing for them to have happen right now," he said. "They're already under fire on privacy because of the way they rolled out Google Buzz."
In February, Google modified a feature on its new social network service that automatically made people's private contacts public, after an uproar over the privacy breach.
Dick Evans is a firm believer in the free market. Oil companies that piled on too much debt should go bust. More
The Federal Trade Commission accuses two companies with failing to disclose the onerous terms of no-cost loans made using a borrower's car title as collateral. More
Here's where Seahawks and Patriots fans eat, shop, and play, according to data from ad tech startup PlaceIQ. More