Chicago voter records leak

1.8 million Chicago voter records exposed online

1.8 million Chicago voter records exposed online

As previously seen with the UpGuard Cyber Risk Team's discovery of the much larger exposure of 198 million USA potential voters by a Republican National Committee vendor, the danger of voter data being unwittingly exposed by private companies tasked with its storage remains a real threat, one that transcends any partisan concerns.

Chicago Board of Elections is reporting a security breach by one of it vendors. The default for all of AWS' cloud storage is to be secure, so someone within ES&S would have had to choose to configure it as public.

The files contained no information on how individuals voted and had no impact on the results of any election, according to ES&S. "We have been in steady contact with ES&S to order and review the steps that must be taken, including the investigation of ES&S' AWS server". UpGuard also previously discovered a large, unsecured database leaking the personal information of almost 200 million USA registered voters online, according to Gizmodo. The company provides cyber surveillance and resilience support and routinely scans for open and misconfigured files online and on AWS, which is how the Chicago voter database was discovered. The encryption was strong enough to keep out a casual hacker but by no means impenetrable, said Henden.

As part of an effort to find unsecured files on Amazon Web Services (AWS) server platforms, a private researcher completed a download of the Election Systems & Software (ES&S) backup files of voter data that were prepared for Chicago's electronic pollbooks and stored on the AWS platform. Election Systems & Software, the Nebraska-based voting software and election management company, confirmed the leak on Thursday.

A PROBLEM WITH VOTING MACHINES AND CLOUD SERVICES services has led to the personal information of 1.8 million Chicago citizens being exposed online. A security researcher from UpGuard discovered the breach.

Given that Russian Federation probed at least 38 state voter databases prior to the 2016 election according to federal officials, however obscure the Chicago data base might have been it still represented a risk, he said.

"ES&S was able to secure the data promptly and issue a public statement with the details of the exposure, aiding the UpGuard Cyber Risk Team in our mission of ensuring that exposed information is secured", UpGuard CEO Mike Baukes told Gizmodo. Once an exposure is found to have happened, it is imperative to move swiftly to foreclose upon the possibility of any exploitation of the data by malicious actors.

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.