Shonky voting machine exposes details of 1.8 million Chicago citizens

US Voting Machine Supplier Leaks 1.8 Million Chicago Voter Records

A suppler of USA voting machines has confirmed a major data leak that has seen the details of more than 1.8 million voters in the state of IL exposed. In a blog post, the company said the voter data leak contained names, addresses, birthdates, partial social security numbers and some driver's license and state ID numbers stored in backup files on a server.

No ballot information or vote totals were included in the database files and the information was not connected to Chicago's voting or tabulation systems, the company said. A security researcher from UpGuard discovered the breach.

Jon Hendren (security researcher at Upguard) send the cache of leaked data to Chris Vickery, an analyst who examined the data.

The Chicago Election Board confirmed to Gizmodo they were aware of and "deeply troubled" by the incident.

"Not only does ES&S provide the voting equipment, in many jurisdictions ES&S programs and helps to run the equipment for election officials".

It has now launched a full investigation, with the assistance of a third-party firm, to perform "thorough forensic analyses of the AWS server".

"These back-up files had no impact on any voters' registration records and had no impact on the results of any election". UpGuard also previously discovered a large, unsecured database leaking the personal information of almost 200 million United States registered voters online, according to Gizmodo.

The database operated by ES&S was secured within 24 hours of Upguard alerting the company of the issue, but it's almost impossible to say if Upguard's researchers were the first to access the data-or what the intentions of others may have been.

"The expense for that is going to be borne by ES&S", Allen said, Chicago Tribute reports.

It's not clear whether anyone tried to steal the voter data. "We have been in steady contact with ES&S to order and review the steps that must be taken, including the investigation of ES&S's AWS server", she said.

Ben Johnson, a former U.S. National Security Agency computer scientist and current chief technology officer and co-founder of Obsidian Security, told International Business Times the risk of data exposure increases with each additional party involved in the process. "Now, with more headlines and more examples of where to look, you can bet that malicious actors have already written the equivalent of search engines to more automatically find these hidden treasures of sensitive data", Johnson said.

Related:

Comments


Other news