The election year is officially underway, but for non-voters and the apathetic—another reason not to register to vote has surfaced: on December 20th, 2015, a security researcher discovered a publicly exposed database of 191 million voter registrant records—names, addresses, dates of birth, phone numbers, party affiliations, state voter IDs, and more—posted online and freely accessible.
To be specific, 191,337,174 U.S. voter records were discovered online displaying the full names, phone numbers, home addresses, mailing addresses, unique voter IDs, state voter IDs, genders, birthdates, registration dates, political affiliations, and voting histories since 2000.
Exposed voter registration data. Source: DataBreaches.net / Chris Vickery.
The data leak was discovered by security researcher Chris Vickery and has been attributed to a misconfigured database. It's not known whether the data has been exploited; in fact, the owner of the database has yet to come forward, though some of the information contained in the database has been linked to nonpartisan technology platform and data provider NationBuilder.
"While the database is not ours, it is possible that some of the information it contains may have come from data we make available for free to campaigns... From what we've seen, the voter information included is already publicly available from each state government so no new or private information was released in this database... "
—NationBuilder Founder/CEO Jim Gilliam
The figures are staggering: 21.5 million records containing social security numbers, names, places of birth, addresses, fingerprints, and other highly sensitive personal data—stolen by cyber attackers.
Despite consisting of already publicly available voter information, the database is of considerable value to both commercial and nefarious actors, as compiling such a datastore takes considerable time and effort. Of course, the mere existence of such a concentrated datastore of private information up for grabs online should be cause for concern—in any context. Don't let security flaws like misconfigured databases and unpatched systems leave your data up for grabs. UpGuard's platform for configuration validation and security monitoring ensures that environments are always secure, compliant, and free from flaws that could lead to data leakage.
Before requesting a free UpGuard demo, get a free external assessment of your website right now.
How CSTAR Works What's In the Website Risk Grader? Understanding Risk in the 21st Century
All the information needed to perform a CSTAR assessment is bundled into the UpGuard platform. Learn more about CSTAR.
Read Blog >
The UpGuard Website Risk Grader provides a low friction way to get an initial assessment of a business' risk profile.
Read Blog >
And as we enter 2016, the risk of data breaches in particular threatens to hamper business innovation.
Read Blog >