The Year Of The Voter List Breach

June 29, 2016 CyberCecurity Leave a comment

Early this year, we learned of a voter database of 191 million U.S. voters was found, unprotected on the Internet. The list contained name, address, political party, telephone and voting record (not who you voted for, but in which general elections and primaries).

For people who want to keep that information private, such as judges and prosecutors, the cat is now out of the bag.

Under U.S. law, that data is public and most states sell or give that data to politicians who use it to harass you. Err, excuse me, call you at dinner time.

Now we have learned of a second voter database leak. This time about 56 million voters. This list contained some other information that comes fro the questions you choose to answer when they call you and merged from other public records. The information exposed this time includes Christian values, bible study and gun ownership in 19 million of those profiles.

That is the result of you answering those questions when pollsters call you. If you answer and talk to them, the data that you provide will get added to that generic database. In addition, data from other public record sources can be merged. I suppose the gun ownership question could come from gun licenses or maybe even background checks, but those records are not supposed to be public.

Now the same researcher, Chris Vickery of MacKeeper, said he has found a third voter database.

While the first two were stored on Amazon, this one is stored on Google.

And, I would not blame Amazon or Google for the breach. These hosting providers give you tools to configure your security, but they are not responsible for how or if you use them.

This latest database contains 154 million records. Besides your name, address and Congressional district, this database contains estimated income, ethnic background, gender, party information, whether the person was likely to have children and other information.

One of the challenges for Chris is to try and figure out who owns the database so that he can contact them. Amazon and Google are unlikely to tell him for fear that they would get sued for giving that information out. In this case there was a telltale sign and Chris called the company whom he thought might own it. Turns out they did not, but they had a good idea of which of their customers might own it.

A few hours later, it was locked down.

Of course, we don’t know how many months it was available or who might have downloaded it before Chris discovered it.

The magnitude of these data breaches is breathtaking. The 191 million record list includes the name of every registered voter in the U.S. That means these other breaches are subsets of that data with the extra fields as a bonus for whoever finds it.

And likely, this is just the tip of the iceberg. Stay tuned as the election season cranks up.

And maybe you should not tell people that you are a gun owner or do bible study, since these folks can’t seem to secure that data.

The world of big data. It can me big breaches.

Information for this post came from Daily Dot.