Millions Of US Voters Exposed Online

Databases containing sensitive US voter information from multiple counties in Illinois were openly accessible on the Internet, revealing 4.6 million records.

Cyber Researcher Jeremiah Fowler has discovered. These included driver's licence numbers as well as full and partial Social Security Numbers and documents like death certificate and included voter records, ballots, multiple lists, and election-related records.

Fowler determined that all of the counties appear to contract with an Illinois-based election management service called Platinum Technology Resource, which provides voter registration software and other digital tools along with services like ballot printing.

Suspecting that other counties might be inadvertently exposing similar data, Fowler replaced the county name in the database format and discovered a total of 13 publicly accessible databases, along with an additional 15 that were not publicly accessible.According to multiple news articles and freedom of information act (FOIA) documents posted online, these counties have contracts with a company called Platinum Technology Resource. This company offers a variety of services, ranging from ballot printing to election management and voter registration software. 

The counties indicated in the exposed databases also offer a voter information portal that redirects to a domain indicating “Platinum vrms”, which he speculate stands for “voter record management system”.  To verify this, he made phone calls to several county clerks’ offices and was informed that only one vendor (Platinum Technology Resource) manages their voter and election data, and it is known as Platinum Elections Services.

Once Fowler was reasonably sure who managed the database, he sent a responsible disclosure notice to Platinum Technology Resource. However, in a follow up review the next day, he noticed the database was still publicly accessible. In an attempt to identify other contact details, he found several additional FOIA documents indicating an Illinois-based technology company called Magenium is responsible for the technical support of Platinum Elections Services. 

The exposed databases contained.csv documents with lists of available or active voters, absentees, early mail-in voting records, and duplicate voters. Although there were no signs of any wrong doing, it is crucial to protect elections and voter data from cyber attacks, which may include tampering with documents or using exposed voter information for fraud or misinformation. 

Concerns about election tampering through a cyber attack could undermine confidence in the accuracy and fairness of election outcomes, which is why the US government has deemed election data as critical infrastructure.

Jeremiah Fowler   |   VPMentor   |    Wired   |   HackRead   |    Techmeme 

Image: Ideogram

You Might Also Read: 

Big Medical Diagnostic Company Exposed To Data Breach:


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« The Paris Olympics: More Than Just Gold Medals Are At Stake
Building Resilience In A Changing Cyber Threat Landscape »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Acunetix

Acunetix

Acunetix is a leading web vulnerability scanner, widely acclaimed to include the most advanced SQL injection and XSS black box scanning technology.

ThreatConnect

ThreatConnect

ThreatConnect is an enterprise threat intelligence platform by Cyber Squared bridging incident response, defense, and threat analysis for InfoSec & DFIR teams.

Inspired eLearning

Inspired eLearning

Inspired eLearning deliver solutions that help clients nurture and enhance workforce skills, protect themselves against cyberattacks and regulatory violations.

Cyberint

Cyberint

Cyberint, the Impactful Intelligence company, fuses open-deep-and darkweb Threat Intelligence with Attack Surface Management to deliver maximum protection from external threats.

Johnson Controls International

Johnson Controls International

Johnson Controls is a global diversified technology company with a focus on smart cities, energy, infrastructure and transportation including the security of automation and control systems.

CyCraft Technology Corp

CyCraft Technology Corp

CyCraft is an AI company that forges the future of cybersecurity resilience through autonomous systems and human-AI collaboration.

National Cybersecurity Competence Centre (NC3)

National Cybersecurity Competence Centre (NC3)

NC3 has been established in response to growing demands for practically applicable products and solutions for ensuring cybersecurity of critical and non-critical information infrastructures.

Montreal International

Montreal International

You’re an entrepreneur planning to launch a company in an innovative sector such as AI, cybersecurity, 'deeptech' or fintech? You’ve found the right place!

Internet Security Research Group (ISRG)

Internet Security Research Group (ISRG)

ISRG's mission is to reduce financial, technological, and educational barriers to secure communication over the Internet.

Curity

Curity

The Curity Identity Server brings identity and API security together, enabling highly scalable and secure user access to digital services.

MAXXeGUARD Data Safety

MAXXeGUARD Data Safety

MAXXeGUARD: The High Security Shredder. MAXXeGUARD easily destroys hard disks up to the highest security levels as well as other digital data carriers like SSD’s, LTO’s, USB’s, CD’s etc.

META-Cyber

META-Cyber

META-cyber was founded by engineers with experience in process and control-protection to provide cyber security for industrial infrastructure.

WiebeTech

WiebeTech

WiebeTech’s line of digital forensics tools provide innovative and rugged devices for efficient disk imaging and evidence capture.

CypherEye

CypherEye

CypherEye is a next generation trust platform that advances the current state of Multi-factor Authentication (MFA) to enable highly secure, private and auditable cyber-transactions.

ProvenRun

ProvenRun

ProvenRun is a leading provider of trusted software solutions with extensive expertise and an unwavering commitment to security.

CyberKinetics

CyberKinetics

CyberKinetics specializes in cloud-based services and solutions for federal agencies and commercial clients with compliance mandates.