US Voting Machine Supplier Leaks 1.8 Million Chicago Voter Records

Info on 1.8M Chicago voters was publicly accessible, now removed from cloud service: election officials

Security breach at Board of Election vendor

The 1.8 million records, voter names, addresses, phone numbers, driver's license numbers, party affiliation, dates of birth and partial Social Security numbers were in an Amazon cloud account owned by Nebraska-based voting machine firm Election Systems & Software that the company had configured to allow public access. The files were immediately secured and the server was shut down on Saturday after ES&S was alerted to the leak.

A security researcher from UpGuard discovered the breach. A spokesperson for ES&S said in a statement the firm has no indication that the information had been previously accessed by people other than the researchers who discovered it.

Election Systems said in a statement that the files "did not include any ballot information or vote totals and were not in any way connected to Chicago's voting or tabulation systems". The company stressed that the leak had "no impact on the results of any election".

State and local officials were notified of the existence of the files Saturday by cybersecurity expert Chris Vickery, who works at the Mountain View, Calif. firm UpGuard.

The firm is also now reviewing all procedures and protocols, including those of its vendors, to make sure that its systems and data are secured and prevent any similar incidents in the future.

Jim Allen, a spokesman for the Chicago elections board, said it was unknown how long the unsecured files had been accessible on the server.

"The expense for that is going to be borne by ES&S", Allen said, Chicago Tribute reports.

"We will continue reviewing our contract, policies and practices with ES&S".

The latest incident comes amid growing concerns over cloud and digital security following multiple data leaks and exposures in recent months, often due to cloud configuration errors made by third-party vendors. "This was a violation of the contract terms that explicitly lay out the requirement to safeguard the voters' data". "We are taking steps to make certain this can never happen again". "We were most concerned that it was out there at all", he said.

Chicago election officials say they are investigating a security breach involving data from city voters and a contractor for the election board.

Altre Notizie