Millions of Voter Records Left Exposed


December 30, 2015 | DevOps | joanna mastrocola

If you’re the type of person who likes to keep their political affiliations off of the internet, avoiding partisan tweets, posts, and snaps, you seem to be out of luck. A white hat hacker recently uncovered 191 million exposed records of voter information. Included in the long list of data is the political party that you are registered under and a detailed account of the primaries and elections you decided to vote in, and those that you chose to skip.  

Largest Data Breach of 2015 Exposes 191 Million Voting RecordsWith 191 million records exposed, this is the largest data breach of  2015. There is still a long way to go until election day and as most of the presidential hopefuls are just picking up steam, you will probably see many more cyberattacks with political aims in the coming year. As dynamics shift, and new candidates begin to lead in the poles, phasing others out, hackers will probably work to expose information about these people that will either be aimed at helping their campaigns or hurting them.


Here’s everything you need to know:

According to this piece on Hacked, the 300GB of leaked data dates as far back as 2000. The white hat hacker who uncovered the information, Chris Vickery, confirmed the data he found was all accurate after finding his own details, and the accurate details of others, on the list.

Forbes reports that, “It would appear every registered US voter is included in the leak”. Thankfully, social security numbers were not exposed in this leak. It was initially assumed that digital campaign company National Builder was to blame for the leak, however, spokespersons from the business insist that the IP address linked to the breach did not belong to them or one of their hosted clients. It is still unclear who is to blame for leaving the information vulnerable.

Fortune outlines the information that was likely exposed. The list contained the voter’s name, date of birth, gender, and address,  ethnicity, party affiliation, e-mail address, phone number, state voter ID, and whether he/she is on the “Do Not Call” list. What is most alarming is that this information, if in the wrong hands, could very easily be used for identity theft.

The San Francisco Chronicle points out that this breach shows a need for increased voter security. The author maintains that also campaigns have a reasonable need to access voter data, there need to be stricter security measures in place before information is just handed over, because the privacy of the voter should be top priority.Why Increased Voter Security Should be a Priority

This piece from CSO Online looks at the leak from an interesting perspective. The author points out that although voter information is typically public information to begin with, this is determined on a state by state basis. Different states have different rules about how the information can be distributed and therefore, people living in states with stricter laws, would have information exposed that would otherwise be kept private. The author also says that there are very strict guidelines for what people can use voter data for. People who obtain voter info aren’t  allowed to use it for commercial gain, etc. However, with this entirely exposed treasure trove of information, the data is unprotected and can be used in a multitude of unregulated ways.


This specific instance doesn’t appear to be politically malicious in nature, it was caused by a misconfigured database that left voter secrets exposed. However, the politically aimed cyberattacks that are sure to follow, are reason for concern since innocent voters will likely be impacted. Politicians put themselves out there, they are on the public stage, and open themselves up for dirty laundry being exposed. Whether right or wrong, this is just the way it is, there is no privacy for public figures. But what about us? What about the people who decide not to put on a show, what about those of us who keep our positions and opinions to ourselves? Our information is, unfortunately, going to be disclosed as well. If candidates don’t start securing their campaign secrets now, we are in for a lot of trouble. It is their duty to keep their supporters’ information safe. That way, when your republican uncle or liberal grandmother decide to send $10 to either Donald Trump or Hillary Clinton’s campaigns, those donations can stay anonymous, as they should be.




Keep up-to-date on security best practices, events and webinars.

Share This