Cybersecurity expert Jeremiah Fowler recently uncovered a concerning data breach involving over 4.6 million voter records and election-related documents. These sensitive files were discovered in 13 unprotected databases managed by a technology contractor based in Illinois.
Company Behind the Exposure
The databases were traced back to Platinum Technology Resource, a firm providing election technology and services to various counties across Illinois. Fowler revealed that by altering county names in the database URLs, he could access additional exposed databases, some of which had minimal security protections.
The exposed records included critical personal information such as voter names, addresses, dates of birth, Social Security numbers, and driver’s licence numbers. Additionally, the databases contained documents with candidate information, including contact details and voter petitions with signatures.
Although Fowler did not find any immediate misuse of the data, the potential risks are substantial. Malicious individuals could exploit this information for identity theft, voter intimidation, or spreading disinformation. Fowler noted that having access to such personal information could allow bad actors to send misleading information about voting procedures or use past voting history to harass voters.
Long-term Service of the Company
Platinum Technology Resource has been providing election services in Illinois for over three decades. Their services include voter registration, election-day support, ballot management, tabulation, and election management software. This long-standing service highlights the importance of ensuring robust security measures to protect sensitive election data.
We need strong cybersecurity protocols to protect the integrity of the electoral process. Since 2017, the Department of Homeland Security has recognised election infrastructure as critical, acknowledging the severe impact that potential attacks could have.
Fowler recommends that organisations managing sensitive election data implement a combination of access controls and encryption to secure their databases. This includes using unique, time-limited access tokens for authorised users instead of relying solely on passwords, which can be easily compromised.
Preserving Public Trust in Elections
With the 2024 election season approaching, safeguarding the electoral process in the United States is more urgent than ever. Fowler emphasised the importance of maintaining public trust in the electoral system, especially in light of the controversies surrounding the 2020 election.
By implementing robust cybersecurity measures, election officials can ensure that voter data remains secure, thereby preserving the integrity of democratic processes. This incident serves as a stark reminder of the importance of vigilant data protection practices in the digital age.
The exposure of millions of voter records highlights pressing vulnerabilities in our election systems. As technology continues to play a crucial role in elections, ensuring the security of sensitive data must be a top priority for all involved parties. Robust cybersecurity measures are essential to protect the integrity of our democratic institutions and maintain public trust in the electoral process.