Personal Information of Nearly 2 Million Chicago Voters Exposed on Amazon Server
A variety of personal information — including names, addresses, and dates of birth — for 1.8 million registered voters in Chicago was publicly exposed online on an Amazon cloud-computing server for an unknown period of time, the city’s Board of Election Commissions said.
A file of the voter database was discovered August 11 by a researcher at a computer security company, which informed election officials of the exposure the following day, according to USA Today. The file was taken down three hours after officials were informed, and the incident was made public Thursday.
The data was a back-up file stored on Amazon Web Services’ (AWS) servers and included partial Social Security numbers, and for some, driver’s license and state identification numbers, database manager and equipment contractor Election Systems & Software said in a statement, USA Today reports.
Amazon AWS provides online service, but the security configurations are determined by the user. Amazon’s cloud is by default programmed to be secure, so someone within ES&S must have changed the settings to public.
Electronic Systems & Software in a statement said it would review its procedures and protocols to ensure that its systems and data are secure in order to prevent similar situations from happening again, according to USA Today.
“We were deeply troubled to learn of this incident, and very relieved to have it contained quickly,” Chicago Election Board Chairwoman Marisel Hernandez told the paper. “We have been in steady contact with ES&S to order and review the steps that must be taken, including the investigation of ES&S’s AWS server,” she said.
The incident comes at time when Russia is known to have breached election systems during the U.S. presidential election. The exposure prompts wider concern as Election Systems & Software is the largest voting systems vendor in the country.
“If the breach in Chicago is an indicator of ES&S’s security competence, it raises a lot of questions about their ability to keep both the voting systems they run and their own networks secure,” Susan Greenhalgh, an election specialist with Verified Voting, a non-partisan election integrity non-profit, told USA Today.