More than 191 million voters appear to have had their personal information exposed online as a result of a “misconfigured database,” cybersecurity researchers reported on Monday.
“Thankfully, there are no Social Security numbers, driver’s license numbers or any financial information in this particular database,” according to Databreaches.net. However, the “full name, date of birth and address and phone number with political party and other fields” dating back to 2000 were exposed.
That includes records of every election in which a voter has participated, in addition to information on political perspectives. That could include, for instance, what political lawn signs a voter has had on display over the last decade.
The database was discovered by researcher Chris Vickery on Dec. 20. While much of the information it contains can be legally obtained from different states, depending on local laws, the information is generally harder to obtain, and complete data on 191 million voters has an approximate value north of $200,000.
Because California is one state that restricts what can be disclosed about voters, researchers reported contacting that state attorney general’s office.
“When one of their attorneys asked, ‘Well how much data are we talking about?’ and I read her the list of data fields and told her that we had access to voter records of over 17 million California voters, her response was, ‘Wow,'” Databraches.net reported. “[S]he promptly forwarded the matter to the head of their e-crime division. The California Attorney General’s Office has not replied to follow-up email inquiries since then.”
The researchers also reached out to Nation Builder, a vendor that provides software and other services to political campaigns, to inquire if it was one of the company’s databases. A spokesman said that the IP address associated with the database did not belong to the company, but it was unclear whether one of its clients may have been the source of the breach.
“We were — and remain — pretty certain that the database involves Nation Builder’s data because of unique data field labels and because the numbers match their database as it was in March 2014,” the researchers wrote.
“Could Nation Builder reach out to all of their customers to ask them to check to see if they were the source of the leak? Yes, but we realize that they’re really under no obligation to do so,” they add.
