More Sensitive US Voter Records Leaked

Uploaded on 2017-10-12 in NEWS-Cybersecurity News, GOVERNMENT-Local, FREE TO VIEW

A cache of voter records on over a half-million Americans has been found online. The records, totaling 593,328 individual sets of records, appear to contain every registered voter in the state of Alaska, according to security researchers at the Kromtech Security Research Center, who found the database.

The records were stored in a misconfigured CouchDB database, which was accessible to anyone with a web browser, no password needed, until Monday 11th September, when the data was secured and subsequently pulled offline.

The exposed data is just a portion of a larger voter file compiled by TargetSmart, which said its national voter file, that contains 191 million voters, is the "most comprehensive and up-to-date voter file ever assembled."

The data is collected and used to help political campaigns with their fundraising, research, and voter contact programs, the company said.

ZDNet was provided a small sample of the records for verification.

Each XML-formatted record contained details, some sensitive and personally identifiable information, on prospective voters, including names, addresses, dates of birth, their ethnic identity, whether an individual is married, and the individual's voting preferences.

But the data also contained highly personal information, such as household income, the age ranges of an individual's children, and if an individual is a homeowner.

The records, some are more complete than others, also have fields for the types of issues that an individual can be lobbied on, such as climate change, gun control, and tax reforms.

When reached, TargetSmart said that a third-party company was to blame for the data exposure.

"We've learned that Equals3, an artificial intelligence software company based in Minnesota, appears to have failed to secure some of their data and some data they license from TargetSmart, and that a database of approximately 593,000 Alaska voters appears to have been inadvertently exposed," said Tom Bonier, Targetsmart chief executive.

Bonier said the data was not accessed by anyone other than the security researchers at TargetSmart and the team that identified the exposure.

"None of the exposed TargetSmart data included any personally identifiable, non-public financial data," he said.

"To be clear, TargetSmart's database and systems are secure and have not been breached. TargetSmart imposes strict contractual obligations on its clients regarding how TargetSmart data must be stored and secured, and takes these obligations seriously," Bonier added.

Equals3 chief executive Dan Mallin confirmed it had "experienced an intrusion of a sample data set on one of our development servers." He said that the server wasn't in use by any of the company's clients and was shut down.

"This was an isolated intrusion, stemming from a white hat group who was searching for a known vulnerability in CouchDB," referring to Kromtech security researchers.

"We have diligently conducted a forensic audit confirming the data set was not downloaded," he said.

This is the second known data exposure of voter records this year.

The first, and largest ever to date, saw 198 million records on individuals from every state exposed. Deep Root Analytics, a data company working for the Republican party, took responsibility for the exposure.

Kromtech has in recent years discovered and reported on several US voter databases online, totaling 18 million voters, as well as the state of Louisiana's entire database of 2.9 million voters.

Kromtech's Alex Kernishniuk said the exposure was "yet another wake-up call" for companies and governments to audit their networks.

"There seems to be no end in sight for improperly secured data making its way onto the web, and with little or no accountability for proper storage and security measures, it is up to regulators to decide the best way to manage an aging electoral system that seems to be struggling to keep up with the digital age," he said.

ZD Net:

You Might Also Read: 

Hong Kong’s 3.7 Million Voters Exposed in Massive Breach:

Russia's US Election Hacks More Persistent Than First Thought:

 

« In Demand: New Tech Against Drone Attacks
Wanted: A New Microchip For The AI Era »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

PRODAFT

PRODAFT

PRODAFT, Proactive Defense Against Future Threats, is a cyber security and cyber intelligence company providing solutions to commercial customers and government institutions.

Gemserv

Gemserv

Gemserv is a specialist market design, governance and assurance services consultancy.

Digital Innovation Hub Slovenia (DIH)

Digital Innovation Hub Slovenia (DIH)

DIH Slovenia is a central hub providing services to grow digital competencies in areas including robotics, IoT, cyberphysical systems and cybersecurity.

Excellium Services

Excellium Services

Excellium’s Professional Services team combines expertise and experience that complements your in-house security resources.

Beazley

Beazley

Beazley are a specialist insurer with three decades of experience in providing clients with the highest standards of underwriting and claims service worldwide.

Data Security Inc

Data Security Inc

Data Security, Inc. is the leading American manufacturer and supplier of hard drive degaussers, magnetic tape degaussers as well as hard drive and solid state destruction devices.

OXO Cybersecurity Lab

OXO Cybersecurity Lab

OXO Cybersecurity Lab is the first dedicated cybersecurity incubator in the Central & Eastern Europe region.

Mphasis

Mphasis

Mphasis is a leading applied technology services company applying next-generation technology to help enterprises transform businesses globally.

Peraton

Peraton

Peraton provides innovative solutions for the most sensitive and critical programs in government today, developed and executed by scientists, engineers, and other experts.

Symmetry Systems

Symmetry Systems

Symmetry Systems is a provider of data store and object-level security (DSOS) solutions that give organizations visibility into, and unified access control of, their most valuable data assets.

Darkscope

Darkscope

Darkscope is an award-winning personalised cyber intelligence service provider. Our cutting-edge AI and Deep Artificial Neural Networks lead the world of cyber intelligence solutions.

Truvantis

Truvantis

Truvantis is a cybersecurity consulting organization providing best-in-class cybersecurity services to secure your organization’s infrastructure, data, operations and products.

Wing Security

Wing Security

Wing fosters a stronger security culture by engaging SaaS end-users and enabling easy communication with security teams.

Benchmark IT Services (BITS)

Benchmark IT Services (BITS)

BITS is a leading cyber security company in Australia. Our certified professionals work with you to keep your data assets safe and secure.

Xeol

Xeol

Software free of vulnerabilities, built and distributed by trusted entities. Our mission is to help customers secure their software from code to deploy.

Heritage Cyber World

Heritage Cyber World

Heritage Cyber World is a one stop solution for all your security needs that brings together a team of security experts and analysts to deliver high-class security services.