Someone left 300 gigabytes of voter registration data sitting out on the Web, and no one seems to want to take responsibility for it. The database includes the voter registration information for over 191 million American voters, and is ripe for abuse by scammers, marketers, and basically anyone who wants the personal address and phone number of anyone registered to vote.
Included in the user data is sensitive information like names, addresses, political affiliation, phone numbers, voting records, and email address, depending on how much you provided when you registered to vote. Thankfully, it doesn’t include Social Security numbers or other information that’s useful for identity theft, but is still useful to scammers and telemarketers, who can’t normally use voter databases for marketing purposes.
The data was found by a white hat hacker, Chris Vickery, who says the database is still available for download, although he obviously doesn’t detail how to go about finding it. Vickery includes a redacted screenshot with his own information from the database in the report on Databreach.net. The report blames a misconfigured database for the malfunction.
Granted, the information included in the database isn’t necessarily confidential depending on what state you’re in. While some states put strict regulations on access and use, other states make the information a matter of public record. Regardless, there are companies that charge top dollar for access to that information who will surely be unhappy with its availability for free.
More importantly, none of the major campaign database providers have stepped forward to claim the database. And until someone does, it’s going to remain out on the open Web for anyone to download and use however they like. There are obvious security risks associated with addresses tied to name, religion, and ethnicity in a single database, and Vickery has also notified the proper authorities to attempt to have it removed.