Yet again this year, US voter data is at risk of being compromised. Cybersecurity researcher Chris Vickery uncovered a publicly available database of 191 million voter records online earlier this month, CSO reports. The database is not protected by any security measures and reportedly remains live. Listed in the database is each voter’s full name, home address, mailing address, unique voter ID, state voter ID, gender, date of birth, phone number, date of registration, political affiliation, and voter history since 2000. Vickery didn’t specify where he found the vulnerable database and isn’t sure what company compiled it.
CSO, Vickery, and an admin at DataBreaches.net reached out to multiple political data firms to see if any could claim ownership of the database. None did. The FBI and Internet Crime Complaint Center were also contacted, although the agencies didn’t follow up to confirm an investigation. It isn’t clear how many states are impacted.
State laws don’t treat the information as sensitive
If Vickery's numbers are accurate, the database would contain the majority of voter IDs in the United States — even more than the total number of currently active registered voters. The US Census recorded 142.2 million registered voters in 2014, significantly less than the 191 million voter IDs Vickery claims to have uncovered, although deaths, state-to-state moves and duplicates may account for much of the discrepancy.
This isn’t the first time voter data has been exposed. Earlier this year, millions of Georgia voters had their information accidentally sent to political parties, news organizations, and a gun owner magazine. In that case, a third-party contractor was also to blame for the exposure. More recently, Senator Bernie Sanders and the Democratic National Committee publicly fought over voter data after one of Sanders’ staffers accessed former Secretary of State Hillary Clinton’s collected voter information. A software glitch allowed the staffer to gain access. The DNC initially said it would no longer allow Sanders to view its essential voter data, but later reversed its decision after Sanders filed a lawsuit.
Voter data, while immensely valuable to political candidates, often lacks proper security measures to keep it protected. State laws don’t treat the information as sensitive, allowing almost anyone to request access to it. Addresses and phone numbers might seem benign, but when cross-referenced with other compromised databases, the information can assist in phishing attacks or identity fraud.