A yawning back-end pathway into the state’s voter registration database, through which private information could have been accessed, has been closed, thanks to the candidate challenging Secretary of State Kim Wyman. “Anyone with basic programming skills and knowledge about these weaknesses could conceivably (access) this data, look up and harvest private data from millions of Washingtonians,” Tina Podlodowski wrote Wednesday to the state’s chief information security officer (CISO). The information accessible via the back-end pathway included voters’ personal cell phone numbers, personal email addresses, ballot delivery types, and the coding used to message military and overseas voters. Wyman’s office, without mentioning Podlodowski, put out a release Friday, saying: “The situation has been quickly rectified.” David Ammons, chief communications office for the secretary of state, later confirmed that the problem was first identified in a letter from Podlodowski.
In writing to the security officer, Podlodowski laid out, in her words, “Step-by-Step: How to view illegally posted MyVote personal information about any registered voter in WA.” The navigation to “personally sensitive information prohibited by law from disclosure” was done in 11 easy steps.
Agnes Kirk, the CISO, wrote to thank Podlodowsi on Friday, saying: “The Secretary of State’s office took immediate action to prevent the information from being accessible any longer . . . Thank you again for following the industry standard for responsible disclosure of a potential cyber security issue and helping keep the citizens data safe.”
Instead of Podlodowski, the secretary of state’s office thanked Agnes Kirk.
Full Article: Challenger Podlodowski discovers open door into state’s voter database – seattlepi.com.