A file containing the names, addresses, dates of birth and other information about Chicago’s 1.8 million registered voters was published online and publicly accessible for an unknown period of time, the Chicago Board of Election Commissioners said Thursday. The acknowledgment came days after a data security researcher alerted officials to the existence of the unsecured files. The researcher found the files while conducting a search of items uploaded to Amazon Web Services, a cloud system that allows users to rent storage space and share files with certain people or the general public. The files had been uploaded by Election Systems & Software, a contractor that helps maintain Chicago’s electronic poll books.
Election Systems said in a statement that the files “did not include any ballot information or vote totals and were not in any way connected to Chicago’s voting or tabulation systems.” The company said it had “promptly secured” the files on Saturday evening and had launched “a full investigation, with the assistance of a third-party firm, to perform thorough forensic analyses of the AWS server.”
State and local officials were notified of the existence of the files Saturday by cybersecurity expert Chris Vickery, who works at the Mountain View, Calif. firm UpGuard. Vickery said his firm was doing a routine research to see what information is publicly available on the Amazon cloud service.
… The data file was listed as “Chicago DB” on the Amazon cloud service, Vickery said, and a setting on the upload made it accessible to the public.
Jim Allen, a spokesman for the Chicago elections board, said it was unknown how long the unsecured files had been accessible on the server.