Data security experts say the security lapse that potentially exposed the Social Security numbers and other personal information of more than 6 million Georgia voters could cause significant damage to consumers if they were to fall into the wrong hands. The information, including dates of birth and driver’s license numbers, is far more valuable to criminals than the bank card information that has been stolen in several recent high-profile cyberattacks against retailers such as Target and Atlanta-based Home Depot. Personal identity information can be used over and over and fetch high prices among criminals, while bank cards aren’t as valuable because they can be quickly canceled after a theft. “When you get a Social Security number and a date of birth, you’ve got everything you need to do tremendous damage to these consumers,” said Stephen Coggeshall, the chief analytics and science officer for data security firms LifeLock and ID Analytics.
… The Secretary of State’s Office is attempting to retrieve discs sent to 12 buyers in order to secure the data. Kemp told The Atlanta Journal-Constitution his office “undertook immediate corrective action, including contacting each recipient to retrieve the disc, and I have taken additional administrative action within the agency to deal with the error.” The AJC was one of the recipients and returned its disc to the agency.
Unlike recent hacks of major retailers or the federal Office of Personnel Management, the breach of Georgia voter data involves information shipped to a known and narrow spectrum of buyers, not criminals who illegally forced their way into organizations’ computer infrastructure.