The Mysterious Case Of The Leaked Voter Database

By UpGuard on January 1, 2016

Filed under: cyber security, cyber risk, data breaches, hack, cyber attack

The Mysterious Case Of The Leaked Voter Database

The election year is officially underway, but for non-voters and the apatheticanother reason not to register to vote has surfaced: on December 20th, 2015, a security researcher discovered a publicly exposed database of 191 million voter registrant records—names, addresses, dates of birth, phone numbers, party affiliations, state voter IDs, and more—posted online and freely accessible.

To be specific, 191,337,174 U.S. voter records were discovered online displaying the full names, phone numbers, home addresses, mailing addresses, unique voter IDs, state voter IDs, genders, birthdates, registration dates, political affiliations, and voting histories since 2000.

Image source: / Chris Vickery.

Exposed voter registration data. Source: / Chris Vickery.

21.5 Records Stolen in OPM Breach

The data leak  was discovered by security researcher Chris Vickery and has been attributed to a misconfigured database. It's not known whether the data has been exploited; in fact, the owner of the database has yet to come forward, though some of the information contained in the  database has been linked to nonpartisan technology platform and data provider NationBuilder.  

"While the database is not ours, it is possible that some of the information it contains may have come from data we make available for free to campaigns... From what we've seen, the voter information included is already publicly available from each state government so no new or private information was released in this database... "

NationBuilder Founder/CEO Jim Gilliam

Despite consisting of already publicly available voter information, the database is of considerable value to both commercial and nefarious actors, as compiling such a datastore takes considerable time and effort. Of course, the mere existence of such a concentrated datastore of private information up for grabs online should be cause for concernin any context. Don't let security flaws like misconfigured databases and unpatched systems leave your data up for grabs. UpGuard's platform for configuration validation and security monitoring ensures that environments are always secure, compliant, and free from flaws that could lead to data leakage. 

Before requesting a free UpGuard demo, get a free external assessment of your website right now. 


More Blogs

How CSTAR Works

All the information needed to perform a CSTAR assessment is bundled into the UpGuard platform. Learn more about CSTAR.
Read Blog >

What's In the Website Risk Grader?

The UpGuard Website Risk Grader provides a low friction way to get an initial assessment of a business' risk profile.
Read Blog >

Understanding Risk in the 21st Century

And as we enter 2016, the risk of data breaches in particular threatens to hamper business innovation.
Read Blog >


The World's First Cyber Resilience Platform

Whether your infrastructure is traditional, virtualized, or totally in the cloud, UpGuard provides the crucial visibility and validation necessary to ensure that IT environments are secured and optimized for consistent, quality software and services delivery.

See how it works at