Millions Of US Voters Exposed Online

Uploaded on 2024-08-04 in NEWS-Cybersecurity News, GOVERNMENT-Local, FREE TO VIEW

Databases containing sensitive US voter information from multiple counties in Illinois were openly accessible on the Internet, revealing 4.6 million records.

Cyber Researcher Jeremiah Fowler has discovered. These included driver's licence numbers as well as full and partial Social Security Numbers and documents like death certificate and included voter records, ballots, multiple lists, and election-related records.

Fowler determined that all of the counties appear to contract with an Illinois-based election management service called Platinum Technology Resource, which provides voter registration software and other digital tools along with services like ballot printing.

Suspecting that other counties might be inadvertently exposing similar data, Fowler replaced the county name in the database format and discovered a total of 13 publicly accessible databases, along with an additional 15 that were not publicly accessible.According to multiple news articles and freedom of information act (FOIA) documents posted online, these counties have contracts with a company called Platinum Technology Resource. This company offers a variety of services, ranging from ballot printing to election management and voter registration software. 

The counties indicated in the exposed databases also offer a voter information portal that redirects to a domain indicating “Platinum vrms”, which he speculate stands for “voter record management system”.  To verify this, he made phone calls to several county clerks’ offices and was informed that only one vendor (Platinum Technology Resource) manages their voter and election data, and it is known as Platinum Elections Services.

Once Fowler was reasonably sure who managed the database, he sent a responsible disclosure notice to Platinum Technology Resource. However, in a follow up review the next day, he noticed the database was still publicly accessible. In an attempt to identify other contact details, he found several additional FOIA documents indicating an Illinois-based technology company called Magenium is responsible for the technical support of Platinum Elections Services. 

The exposed databases contained.csv documents with lists of available or active voters, absentees, early mail-in voting records, and duplicate voters. Although there were no signs of any wrong doing, it is crucial to protect elections and voter data from cyber attacks, which may include tampering with documents or using exposed voter information for fraud or misinformation. 

Concerns about election tampering through a cyber attack could undermine confidence in the accuracy and fairness of election outcomes, which is why the US government has deemed election data as critical infrastructure.

Jeremiah Fowler   |   VPMentor   |    Wired   |   HackRead   |    Techmeme 

Image: Ideogram

You Might Also Read: 

Big Medical Diagnostic Company Exposed To Data Breach:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Paris Olympics: More Than Just Gold Medals Are At Stake
Building Resilience In A Changing Cyber Threat Landscape »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Blue Lights Digital

Blue Lights Digital

Blue Lights Digital have developed a range of platforms to support digital investigations, as well as providing continued support and education for investigations professionals.

Signifyd

Signifyd

Signifyd is the world's largest provider of Guaranteed e-Commerce Fraud Protection.

Information Technology Industry Development Agency (ITIDA)

Information Technology Industry Development Agency (ITIDA)

ITIDA has two broad goals: building the capacities of Egypt’s local information and communications technology (ICT) industry and attracting foreign direct investments to boost the ICT sector.

SecZetta

SecZetta

SecZetta provides third-party identity risk solutions that are easy to use, and purpose built to help organizations execute risk-based identity access and lifecycle strategies.

BlackDice Cyber

BlackDice Cyber

Threat Intelligence is only part of the solution. Our solution matches threats to vulnerabilities and automatically takes remedial action against compromised apps, devices and websites.

Aristi Technologies

Aristi Technologies

Aristi provides cybersecurity risk and compliance services to help manage your unique cyber risks, safeguarding your systems and data and complying with government and industry standards.

Swissbit

Swissbit

Swissbit AG is the leading European manufacturer of storage, security and embedded IoT solutions for demanding applications.

TatvaSoft

TatvaSoft

TatvaSoft is a custom software development company delivering business IT solutions and related services to customers across the globe.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

InfoSec Brigade

InfoSec Brigade

InfoSec Brigade offers a suite of specialized solutions that help businesses to mitigate risk by integrating cyber and IT security protocols with business goals.

Cryptr

Cryptr

Cryptr provides plug and play authentication to manage all your authentication strategies in one place with just a few lines of code.

Cyber & Data Protection

Cyber & Data Protection

Cyber & Data Protection Limited supports Charities, Educational Trusts and Private Schools, Hospitality and Legal organisations by keeping their data secure and usable.

BluTinuity

BluTinuity

BluTinuity is a premier management consulting firm with a passion for information security, business continuity, incident response, disaster recovery, and HIPAA security.

True North Solutions

True North Solutions

True North Solutions provides a wide range of fully customized, vendor-neutral industrial engineering and OT automation solutions to companies across North America and around the world.

TisOva

TisOva

TisOva is an innovative cybersecurity startup dedicated to addressing the growing issue of online scams targeting students.

Soteria Communications

Soteria Communications

Soteria Communications supports clients to prepare for and manage crises, with a focus on cyber incidents.