Millions Of US Voters Exposed Online

Uploaded on 2024-08-04 in NEWS-Cybersecurity News, GOVERNMENT-Local, FREE TO VIEW

Databases containing sensitive US voter information from multiple counties in Illinois were openly accessible on the Internet, revealing 4.6 million records.

Cyber Researcher Jeremiah Fowler has discovered. These included driver's licence numbers as well as full and partial Social Security Numbers and documents like death certificate and included voter records, ballots, multiple lists, and election-related records.

Fowler determined that all of the counties appear to contract with an Illinois-based election management service called Platinum Technology Resource, which provides voter registration software and other digital tools along with services like ballot printing.

Suspecting that other counties might be inadvertently exposing similar data, Fowler replaced the county name in the database format and discovered a total of 13 publicly accessible databases, along with an additional 15 that were not publicly accessible.According to multiple news articles and freedom of information act (FOIA) documents posted online, these counties have contracts with a company called Platinum Technology Resource. This company offers a variety of services, ranging from ballot printing to election management and voter registration software. 

The counties indicated in the exposed databases also offer a voter information portal that redirects to a domain indicating “Platinum vrms”, which he speculate stands for “voter record management system”.  To verify this, he made phone calls to several county clerks’ offices and was informed that only one vendor (Platinum Technology Resource) manages their voter and election data, and it is known as Platinum Elections Services.

Once Fowler was reasonably sure who managed the database, he sent a responsible disclosure notice to Platinum Technology Resource. However, in a follow up review the next day, he noticed the database was still publicly accessible. In an attempt to identify other contact details, he found several additional FOIA documents indicating an Illinois-based technology company called Magenium is responsible for the technical support of Platinum Elections Services. 

The exposed databases contained.csv documents with lists of available or active voters, absentees, early mail-in voting records, and duplicate voters. Although there were no signs of any wrong doing, it is crucial to protect elections and voter data from cyber attacks, which may include tampering with documents or using exposed voter information for fraud or misinformation. 

Concerns about election tampering through a cyber attack could undermine confidence in the accuracy and fairness of election outcomes, which is why the US government has deemed election data as critical infrastructure.

Jeremiah Fowler   |   VPMentor   |    Wired   |   HackRead   |    Techmeme 

Image: Ideogram

You Might Also Read: 

Big Medical Diagnostic Company Exposed To Data Breach:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Paris Olympics: More Than Just Gold Medals Are At Stake
Building Resilience In A Changing Cyber Threat Landscape »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

SC Media

SC Media

SC Media arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face.

Ridgeback Network Defense

Ridgeback Network Defense

Ridgeback is an enterprise security software platform that defeats malicious network invasion in real time. Ridgeback champions the idea that to defeat an enemy you must engage them.

Core Security

Core Security

Core Security provides threat-aware identity, access, authentication and vulnerability management solutions.

Sysmosoft

Sysmosoft

Sysmosoft specializes in providing highly secured telecommunication solutions for mobile devices for companies requiring protected access to sensitive data remotely.

BrainChip

BrainChip

BrainChip is the leading provider of neuromorphic computing solutions, a type of artificial intelligence that is inspired by the biology of the human neuron - spiking neural networks.

Brimondo

Brimondo

At Brimondo we help you to maximize and protect your brand value by being a proactive and strategic partner within brand protection with experts within intellectual property and digital assets.

Avertro

Avertro

Avertro helps leaders manage the business of cyber. We help explain cybersecurity to executives, forecasting outcomes, right-sizing your spend, and validating your cyber strategy.

stackArmor

stackArmor

stackArmor specializes in compliance and security-focused solutions delivered using our Agile Cloud Transformation (ACT) methodology.

Resolvo Systems

Resolvo Systems

Resolvo is provides comprehensive security assessment and testing services in Asia.

Cybergroot

Cybergroot

Cybergroot provides Cybersecurity Assessment services and professional Information Security trainings.

Entro Security

Entro Security

Entro is the first holistic secrets security platform that detects, safeguards, and enriches with context your secrets across code, vaults, chats, and platforms.

Archer Technologies

Archer Technologies

Archer helps organizations manage risk in the digital era—uniting stakeholders, integrating technologies and transforming risk into reward.

RapidSpike

RapidSpike

RapidSpike is the only website monitoring solution that focuses all three key aspects of website health: performance, reliability AND security.

HEAL Security

HEAL Security

HEAL Security is the global authority for cybersecurity data, research and insights across the healthcare sector.

Secomea

Secomea

Secomea redefines manufacturing plant security by combining internationally recognized industry best practices as critical components of our robust cybersecurity strategy.

Device42

Device42

Device42 is a trusted, advanced, and complete full-stack agentless discovery and dependency mapping platform for Hybrid IT.