Millions Of US Voters Exposed Online

Uploaded on 2024-08-04 in NEWS-Cybersecurity News, GOVERNMENT-Local, FREE TO VIEW

Databases containing sensitive US voter information from multiple counties in Illinois were openly accessible on the Internet, revealing 4.6 million records.

Cyber Researcher Jeremiah Fowler has discovered. These included driver's licence numbers as well as full and partial Social Security Numbers and documents like death certificate and included voter records, ballots, multiple lists, and election-related records.

Fowler determined that all of the counties appear to contract with an Illinois-based election management service called Platinum Technology Resource, which provides voter registration software and other digital tools along with services like ballot printing.

Suspecting that other counties might be inadvertently exposing similar data, Fowler replaced the county name in the database format and discovered a total of 13 publicly accessible databases, along with an additional 15 that were not publicly accessible.According to multiple news articles and freedom of information act (FOIA) documents posted online, these counties have contracts with a company called Platinum Technology Resource. This company offers a variety of services, ranging from ballot printing to election management and voter registration software. 

The counties indicated in the exposed databases also offer a voter information portal that redirects to a domain indicating “Platinum vrms”, which he speculate stands for “voter record management system”.  To verify this, he made phone calls to several county clerks’ offices and was informed that only one vendor (Platinum Technology Resource) manages their voter and election data, and it is known as Platinum Elections Services.

Once Fowler was reasonably sure who managed the database, he sent a responsible disclosure notice to Platinum Technology Resource. However, in a follow up review the next day, he noticed the database was still publicly accessible. In an attempt to identify other contact details, he found several additional FOIA documents indicating an Illinois-based technology company called Magenium is responsible for the technical support of Platinum Elections Services. 

The exposed databases contained.csv documents with lists of available or active voters, absentees, early mail-in voting records, and duplicate voters. Although there were no signs of any wrong doing, it is crucial to protect elections and voter data from cyber attacks, which may include tampering with documents or using exposed voter information for fraud or misinformation. 

Concerns about election tampering through a cyber attack could undermine confidence in the accuracy and fairness of election outcomes, which is why the US government has deemed election data as critical infrastructure.

Jeremiah Fowler   |   VPMentor   |    Wired   |   HackRead   |    Techmeme 

Image: Ideogram

You Might Also Read: 

Big Medical Diagnostic Company Exposed To Data Breach:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Paris Olympics: More Than Just Gold Medals Are At Stake
Building Resilience In A Changing Cyber Threat Landscape »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cybereason

Cybereason

Cybereason provides real-time detection of malicious activity enabling you to identify the cause and scope of an attack and ensure an effective response.

Italian Association of Critical Infrastructure Experts (AIIC)

Italian Association of Critical Infrastructure Experts (AIIC)

AIIC acts as a focal point in Italy for expertise on the protection of Critical Infrastructure including ICT networks and cybersecurity.

Radar Cyber Security

Radar Cyber Security

Radar Cyber Security is the only European supplier of Managed Detection & Response who provides its services based on inhouse developed technology.

CyRise

CyRise

CyRise is a venture accelerator focused squarely on early stage cyber security startups.

Hypersecu Information Systems

Hypersecu Information Systems

Hypersecu Information Systems, Inc. is a solution provider dedicated to multi-factor authentication, public key infrastructure and software copyright protection.

Hack The Box

Hack The Box

Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with thousands of people in the security field.

MrLooquer

MrLooquer

MrLooquer provide a solution to automatically discover the assets of organizations on the internet, determine the level of exposure to attacks and help to manage risk accurately.

Ingenio Global

Ingenio Global

Ingenio is a specialist recruitment business for SaaS companies. Our purpose is to source exceptional talent in areas including cyber security for leading SaaS companies in the UK and Ireland.

Caveonix

Caveonix

Caveonix’s RiskForesight TM solution is an automated, proactive risk and compliance platform designed for hybrid and multi-cloud.

ISARR

ISARR

The ISARR software platform - your bespoke Risk, Resilience & Security Management solution. Simple, cost effective and adaptable, now and into the future.

ClearHub

ClearHub

The aim of ClearHub is simple: to give businesses like yours access to the best talent, all screened and technically tested by Clearvision’s expert team.

Logically.ai

Logically.ai

Logically combines artificial intelligence with expert analysts to tackle harmful and manipulative content at speed and scale.

Omega Systems

Omega Systems

Omega Systems is a leading managed service provider (MSP) and managed security service provider (MSSP) to mid-market organizations.

Lighthouse IT

Lighthouse IT

At Lighthouse IT, we are focused on delivering seamless and reliable services to unlock the value of technology for your business.

Cyber Defense International (CDI)

Cyber Defense International (CDI)

At CDI, we utilize decades of experience in designing and building large-scale cybersecurity programs, creating tailored solutions and services that protect businesses from cyber threats.

Pvotal Technologies

Pvotal Technologies

Pvotal Technologies engineer complex, automated processes aligned with best AIOps, BizDevOps, DevSecOps, CloudOps, and ITOps practices.