A voting machine company exposed 1.8 million Chicago voter records after misconfiguring a security setting on the server that stored them. Election Systems & Software (ES&S), the Nebraska-based voting software and election management company, confirmed the leak on Thursday. In a blog post, the company said the voter data leak contained names, addresses, birthdates, partial social security numbers and some driver’s license and state ID numbers stored in backup files on a server. Authorities alerted ES&S to the leak on Aug. 12, and the data was secured. A security researcher from UpGuard discovered the breach. The data did not contain any voting information, like the results of how someone voted. Jim Allen, a spokesman for the Chicago Board of Elections, said the leak did not contain or affect anyone’s voting ballots, which are handled by a different vendor. “We deeply regret this,” Allen said. “It was a violation of our information security protocol by the vendor.”
Forensic experts are investigating the ES&S leak. A spokesperson for ES&S said in a statement the firm has no indication that the information had been previously accessed by people other than the researchers who discovered it.
UpGuard security researcher Jon Hendren found the cache of data exposed on an Amazon Web Services server Friday night. He handed it off to analyst Chris Vickery who downloaded the information to examine the content. Vickery shared his findings with local and Illinois state authorities Saturday morning.
Amazon buckets — where data is stored — are private by default. This means someone at ES&S misconfigured a security setting and exposed the data online.