by Gyana Swain
News
Aug 05, 20244 mins
Data BreachPasswords
The databases, which lacked any password protection, included highly sensitive personal information such as full names, addresses, dates of birth, Social Security numbers, and driver’s license numbers.
A US technology contractor has exposed the data of 4.6 million voters and election documents from multiple counties in Illinois, raising serious concerns about election security and voter privacy.
The exposed databases, managed by the technology contractor Platinum Technology Resource, were discovered to be non-password-protected and linked to counties in Illinois.
The data breach was identified by cybersecurity researcher Jeremiah Fowler, who reported his findings to vpnMentor.
“I found a collection of different documents, including voting records, ballot templates, and voter registrations, all from a single county in Illinois,” Fowler said in the report. “Further investigation revealed a total of 13 open databases and 15 others that exist but are not publicly accessible.”
The exposed 13 non-password-protected databases contained lists of active voters, absentee ballots, early mail-in voting records, and duplicate voters, along with highly sensitive personal information such as full names, addresses, dates of birth, Social Security numbers, and driver’s license numbers. Additionally, candidate documents with personal phone numbers, email addresses, and home addresses were also exposed.
“There were documents marked as ‘voter records’ that contained far more potentially sensitive personal information,” Fowler added. “This included historical voting records and copies of voter registration applications.”
The databases were linked to Platinum Technology Resource, a company that provides election technology and services to counties throughout Illinois. Fowler identified the company through publicly available contracts and Freedom of Information Act (FOIA) documents.
After initial attempts to contact Platinum Technology Resource were unsuccessful, Fowler reached out to Magenium, an Illinois-based technology company responsible for technical support of Platinum Elections Services.
Following this disclosure, the databases were restricted, the researcher added in the report.
“The databases were publicly accessible for an unknown duration, raising concerns about potential unauthorized access,” Fowler said. “Only an internal forensic audit can determine if there was any suspicious activity.”
Fowler warned of the potential risks associated with exposed personal information. “Criminals could use this information for identity theft and various forms of fraud. It could also be exploited for social engineering attacks or disinformation campaigns aimed at undermining public trust in the electoral process.”
In response to the breach, the researcher recommended organizations managing sensitive documents implement strong access controls and encryption. Using unique database formats and names that are difficult to guess can also help prevent unauthorized access.
Not the first case of its type
This incident highlights the critical need for robust data protection measures in election systems. Since 2017, the Department of Homeland Security has classified election infrastructure as critical, acknowledging the devastating impact its incapacitation or destruction could have on the country.
In 2020, the Pew Research Center reported that 75% of American voters believed there would be outside interference in the presidential election.
The latest data breach echoes similar incidents in recent years. In October 2023, the District of Columbia Board of Elections noted that the database of the entire voter roll was breached, which was being managed by DataNet Systems. Similarly, in 2020, data of over 200 million American voter records was leaked due to an unsecured database managed by a third-party data broker. The growing threat of cyberattacks on election systems underscores the importance of safeguarding voter data.
In 2017, data of almost 200 million US voters were leaked by Deep Root Analytics, a firm working on behalf of the Republican National Committee (RNC), exposing names, dates of birth, home addresses, phone numbers, and voter registration details.
As the US grapples with election-related data security, this latest breach is a stark reminder of the vulnerabilities that still exist. Ensuring the integrity and security of voter data is crucial for maintaining public trust in the democratic process.
Related content
- newsTrump campaign suffers sensitive data breach in alleged Iranian hack The campaign says sources hostile to the US have hacked into its accounts to steal and compromise sensitive election data.By Shweta SharmaAug 12, 20244 minsData BreachElection HackingPhishing
- featureThe cyber assault on healthcare: What the Change Healthcare breach reveals February’s ransomware attack is a wake-up call for healthcare execs – and a reminder to leaders in other industries about what can go wrong.By Mary K. PrattAug 12, 202412 minsData BreachRansomwareHealthcare Industry
- news analysisThe cost of a data breach continues to escalate The cost can’t be completely quantified, but 70% of breached organizations reported significant disruption to their businesses.By Lynn GreinerJul 30, 20249 minsData BreachRansomwareData Privacy
- PODCASTS
- VIDEOS
- RESOURCES
- EVENTS
SUBSCRIBE TO OUR NEWSLETTER
From our editors straight to your inbox
Get started by entering your email address below.
