A cache of voter records on over a half-million Americans has been found online. The records, totaling 593,328 individual sets of records, appear to contain every registered voter in the state of Alaska, according to security researchers at the Kromtech Security Research Center, who found the database. The records were stored in a misconfigured CouchDB database, which was accessible to anyone with a web browser — no password needed — until Monday when the data was secured and subsequently pulled offline. The exposed data is just a portion of a larger voter file compiled by TargetSmart, which said its national voter file — that contains 191 million voters — is the “most comprehensive and up-to-date voter file ever assembled.” The data is collected and used to help political campaigns with their fundraising, research, and voter contact programs, the company said. ZDNet was provided a small sample of the records for verification. Each XML-formatted record contained details, some sensitive and personally identifiable information, on prospective voters, including names, addresses, dates of birth, their ethnic identity, whether an individual is married, and the individual’s voting preferences.
But the data also contained highly personal information, such as household income, the age ranges of an individual’s children, and if an individual is a homeowner. The records — some are more complete than others — also have fields for the types of issues that an individual can be lobbied on, such as climate change, gun control, and tax reforms.
When reached, TargetSmart said that a third-party company was to blame for the data exposure. “We’ve learned that Equals3, an [artificial intelligence] software company based in Minnesota, appears to have failed to secure some of their data and some data they license from TargetSmart, and that a database of approximately 593,000 Alaska voters appears to have been inadvertently exposed,” said Tom Bonier, Targetsmart chief executive.
Full Article: Yet another trove of sensitive US voter records has leaked | ZDNet.