California officials are investigating a report that an unprotected MongoDB database has been discovered possibly containing the names of every California voter. Kromtech Security’s Bob Diachenko that earlier this month Kromtech came across an database named cool_db containing 19.2 million voter records gathered in two collections that was fully unprotected and thus open for anyone to view. One batch contained voter registration data for a local district and the other the millions of records. “Kromtech researchers were unable to identify the owner of the database or conduct a detailed analysis due to the fact that the database has been deleted by cyber criminals and there is a ransom note demanding 0.2 bitcoin ($2,325.01 at the time of discovery),” he said.
Just about every piece of PII on the voter was included in the database. This included name, address, phone number, email, place of birth, voting precinct and gender.
MongoDB databases have had a tough year having been in the news for a variety of issues including being hit with ransowmare to being found left unprotected.
Sam Mahood, press secretary for California Secretary of State Alex Padilla, told SC Media that it is investigating the issue and has called in help from law enforcement agencies.