Names, addresses, dates of birth and other information about Chicago’s 1.8 million registered voters was left exposed and publicly available online on an Amazon cloud-computing server for an unknown period of time, the Chicago Board of Election Commissions said. The database file was discovered on Friday by a security researcher at Upguard, a company that evaluates cyber risk. The company alerted election officials in Chicago on Saturday and the file was taken down three hours later. The exposure was first made public on Thursday. The database was not overseen by the Chicago Board of Election but instead Election Systems & Software, an Omaha, Neb.-based contractor that provides election equipment and software.
The voter data was a back-up file stored on Amazon’s AWS servers and included about 1.8 million names, addresses, dates of birth, partial Social Security numbers, and in some cases, driver’s license and state ID numbers, Election Systems & Software said in a statement.
… The implications of the exposure are much broader than Chicagobecause Election Systems & Software is the largest vendor of voting systems in the United States, said Susan Greenhalgh, an election specialist with Verified Voting, a non-partisan election integrity non-profit.
“If the breach in Chicago is an indicator of ES&S’s security competence, it raises a lot of questions about their ability to keep both the voting systems they run and their own networks secure,” she said.