A leading US supplier of voting machines confirmed on Thursday that it exposed the personal information of more than 1.8 million Illinois residents. State authorities and the Federal Bureau of Investigation were alerted this week to a major data leak exposing the names, addresses, dates of birth, partial Social Security numbers, and party affiliations of over a million Chicago residents. Some driver’s license and state ID numbers were also exposed. Jon Hendren, who works for the cyber resilience firm UpGuard, discovered the breach on an Amazon Web Services (AWS) device that was not secured by a password. The voter data was then downloaded by cyber risk analyst Chris Vickery who determined Election Systems & Software (ES&S) controlled the data. ES&S provides voting machines and services in at least 42 states.
Gizmodo spoke briefly with Chicago officials regarding the matter on Saturday. The city did not immediately respond to a request for comment on Thursday after ES&S posted about the leak on its website. A spokesman for US Senator Dick Durbin of Illinois also confirmed on Saturday that the senator had been made aware of the situation.
ES&S was notified this week by the FBI and began its own “full investigation” with UpGuard’s assistance, “to perform thorough forensic analyses of the AWS server, the company said in a statement, noting that the investigation was ongoing.
ES&S said the AWS server did not include “any ballot information or vote totals and were not in any way connected to Chicago’s voting or tabulation systems.” The company stressed that the leak had “no impact on the results of any election.”