Cybersecurity Researcher Jeremiah Fowler uncovered a non-password-protected database containing a variety of sensitive election-related documents.
The exposed data includes voting records, ballot templates, voter registrations, and numerous lists, all appearing to be from a single county in Illinois. Further investigation revealed that similar databases from 13 counties were also publicly accessible, while an additional 15 databases existed but were not publicly accessible.
According to multiple news articles and Freedom of Information Act (FOIA) documents, the affected counties have contracts with Platinum Technology Resource, a company that provides various election-related services, including ballot printing, election management, and voter registration software.
The exposed databases contained information managed by Platinum Elections Services. Despite initial notification of the breach, the database remained publicly accessible until an additional responsible disclosure was sent to Magenium, a partner of Platinum Technology Resource, prompting them to secure the databases.
The incident underscores the critical importance of data protection in the electoral process. Since 2017, the Department of Homeland Security has classified election infrastructure as critical, recognizing the devastating impact any compromise could have on the country. According to CISA, this includes voter registration databases, systems used to manage elections, and systems for counting, auditing, and reporting election results.
Maintaining public trust in the electoral process is vital, especially in the wake of the 2020 election, which saw the integrity of the process questioned. Protecting voter data from cyber attacks is crucial to prevent tampering, misinformation, and fraud that could undermine confidence in election outcomes.
For a detailed report on this breach, visit vpnmentor.com.
