In a recent revelation by cybersecurity researcher Jeremiah Fowler, a shocking discovery of over 4.6 million sensitive voter data and election documents left vulnerable and exposed online has raised significant concerns. The exposed data, which included voter records, ballot templates, and other election-related materials, was found in 13 unprotected databases managed by the Illinois-based technology contractor, Platinum Technology Resource.
Fowler’s investigation uncovered that the databases were associated with Platinum Technology Resource, a company that offers election technology and services to various counties in Illinois. By manipulating the county name in the database URLs, the researcher was able to identify additional vulnerable databases, some of which were password-protected but still susceptible to unauthorized access.
The exposed databases contained a wealth of personal information, such as voter names, addresses, dates of birth, Social Security numbers, and driver’s license numbers. Additionally, candidate information, including phone numbers, email addresses, and home addresses, as well as petitions with voter signatures, were also discovered by Fowler.
Despite finding no immediate signs of malicious activity, the potential risks stemming from this data exposure are profound. The information could be exploited by malicious actors for voter intimidation, disinformation campaigns, or even identity theft and fraud. Fowler highlighted the dangers by stating that possessing voters’ Personally Identifiable Information (PII) could enable bad actors to send misleading information to voters based on their party affiliation and potentially engage in voter intimidation tactics.
The contractor, Platinum Technology Resource, has been providing election-related services to counties in Illinois for over three decades, emphasizing its role in voter registration, election-day support, ballot management, tabulation, and election management software through its product PlatinumVR.
The magnitude of the sensitive election data exposure underscores the critical need for robust cybersecurity measures to safeguard the integrity of the electoral process. Since 2017, the Department of Homeland Security has classified election infrastructure as critical, underscoring the severe repercussions that a cyberattack on these systems could have.
In light of these revelations, the researcher recommended that organizations handling sensitive election data employ a combination of access controls and encryption to fortify their databases. Implementing unique, time-limited access tokens to authorize users for document retrieval, instead of solely relying on password protection, was emphasized as a crucial step.
As the nation approaches the 2024 election season, ensuring the security of the electoral process is paramount. The exposure of this vast trove of voter and election data serves as a poignant reminder of the imperative role that cybersecurity plays in upholding the integrity of democratic institutions. As stakeholders work towards bolstering data protection measures, the goal remains to maintain public trust in the electoral process and uphold the sanctity of democratic principles.