More than 1.8 million Illinois residents have had their personal information exposed by a leading supplier of U.S. voting machines, which was confirmed by the company Thursday.
As the result of a major data leak, the names, addresses, dates of birth, partial Social Security numbers and party affiliations of over a million Chicago residents have been exposed, leading state authorities and the Federal Bureau of Investigation to a very serious inquiry, according to Gizmodo. In addition to this sensitive information, some driver’s license and state ID numbers were also released in the leak.
The breach of information was detected by Jon Hendren, an employee of the cyber resilience firm UpGuard, who discovered the leak on an Amazon Web Services (AWS) device that was not secured by a password, according to Gizmodo. Following discovery of the breach, the voter information was then downloaded by Chris Vickery, a cyber risk analyst who identified Election Systems & Software (ES&S) as the controller of the data.
The company provides voting services in at least 42 states in the U.S. and was notified this week of the leak. After being informed of the leak, ES&S began its own “full investigation” with UpGuard’s assistance, “to perform thorough forensic analyses of the AWS server,” according to a statement the company released. ES&S said the server did not include “any ballot information or vote totals and were not in any way connected to Chicago’s voting or tabulation systems,” stressing the leak had “no impact on the results of any election.”
Hackers at the Defcon security conference this year in Las Vegas tested the electronic poll book used by ES&S and were able to discover the personal records of 654,517 people who voted in Shelby County, Tennessee, including names, addresses, birthdates, and political party which should have alerted the company to flaws. UpGuard also previously discovered a large, unsecured database leaking the personal information of nearly 200 million US registered voters online, according to Gizmodo.
With massive amounts of personal information being leaked, the concern is high and UpGuard worked swiftly and intently with ES&S to ensure minimal casualties from the huge leak. While the information was released, the companies are working to resolve the issues as quickly and efficiently as possible.
“ES&S was able to secure the data promptly and issue a public statement with the details of the exposure, aiding the UpGuard Cyber Risk Team in our mission of ensuring that exposed information is secured,” UpGuard CEO Mike Baukes told Gizmodo. “By working with enterprises like ES&S to swiftly close such exposures, UpGuard will continue to raise awareness about the issues of cyber risk affecting the digital landscape today.”