Nearly 2 Million Chicago Voter Records Exposed in Breach

Media Division | August 18, 2017

There are now numerous operations within our country that function with some type of cyber technologies. Unfortunately, this also puts them at risk of being compromised by cyber attackers when not properly protected. One system within our modern society that relies on cyber technology, and has already been targeted by attackers, is the various components of the voting system. We already saw a portion of this system falling victim to attackers in the 2016 election hacking of the Democratic National Committee. But, a detrimental cyber incident does not always stem from an outside attacker, as some can be as a result of human error from those storing data. This seems to be the case in a recent breach of Chicago voter records that lead to an exposure of 1.8 million people’s personal data.

How the Breach Was Discovered

This breach was initially discovered by a security researcher from UpGuard. It appears that the incident occurred as a result of a misconfigured security setting on an Amazon server. The data was stored by an election management and voting software company called Election Systems & Software (ES&S), and they had confirmed the breach on Thursday. According to a blog post from the company, the leaked data had included names, dates of birth, addresses, partial Social Security numbers, and some state ID/driver’s license numbers that were contained in backup files on a server. The company had been alerted to the breach on August 12, at which point they then secured the data. The leaked data did not contain any voting data as far as how each person had voted, but the data that was leaked is detrimental in itself. There is an ongoing investigation by forensic experts, and a spokesperson for ES&S had said that it did not appear that the data had been accessed by anyone aside from the security researchers that had found the leak. Once the UpGuard researcher had discovered the leak, he passed it off to Chris Vickery, a well-known analyst, who had downloaded it and examined the contents.

As we have mentioned in our blog posts before, Amazon servers are commonly involved in inadvertent data breaches, but it is not because these servers are inherently unsecure. These servers are actually set to private by default, which means that when they are publicly accessible, the responsibility rests on the server holder for having exposed data like this. Reviewing and properly adjusting privacy settings is one of the most basic security points, and for breaches to occur like this generally comes down to carelessness.

Remaining Vigilant About Cyber Security

Cyber security is one of the most important and essential propositions in our day and age of technology. We store far too much vital data and digital assets to be neglectful or careless about security. Even the most minute mistake or lacking security point can result in massive damage and loss to an organization. The smallest hole can allow an attacker to get in and steal large amounts of data or infect entire systems. IT staff must remain extremely vigilant in regard to security, and aside from them, there is also generally some role that every staff member can play in maintaining protection from breaches and attacks. It could be as simple and straightforward as educating staff members in how to identify and avoid phishing, as these are some of the most common forms of cyber attacks. Point being, even some of the smallest actions can help to protect the whole organization and its data. Massive Alliance has a wide array of tools and services that can help organizations to fortify their cyber security in the threat landscape of today.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.