On December 20, 2015, researcher Chris Vickery discovered an exposed database containing personal information belonging to approximately 191 million American voters. The exposure was the result of a misconfiguration, and while voter data is considered a matter of public record, it should concern citizens and government officials to know how accessible this information may have been to criminals and politically motivated never-do-gooders.
What does such a database contain? As you might imagine, it features the information required when you first registered as a voter: first and last name, address, date of birth, gender and ethnicity. It may also contain information consumers consider to be more sensitive, including phone number, email address, voter ID, and status regarding the do-not-call list.
Voter registration data is valuable to organizations looking to combine the information with other sources from marketing firms and political consultants to determine your political affiliations and voting habits. Which means databases developed for campaigns or non-profits could contain even more personal information, such as religious affiliation and your stance on political issues.
The impact of such a breach
But if this information is a matter of public record, why is the breach such a significant issue? Of course we can debate if such information should be considered public record. Some states including South Dakota and California are more stringent regarding the availability and use of voter registration data. But at a minimum, organizations are required to request the data and file a certified purpose for use. However, in this case anyone could access the exposed data via the internet. Imagine what that means for police officers who dealt with criminal elements all of their careers, and now their address and family information is exposed to those same elements.
Thankfully, the database does not contain Social Security numbers, driver’s license numbers, or any financial information. But full name, date of birth, and address and phone number are problematic enough when it comes to protecting our privacy and security.
How secure is your organization?
Unfortunately, data breach incidents are a common occurrence, and are
on the rise in government. In its April 2014 report, “Information Security: Federal Agencies Need to Enhance Responses to Data Breaches,” the GAO stated that the number of data breach incidents in federal agencies had doubled between 2009
and 2013, to 25,566 per year.
All of this is proof positive that data breach incidents are a common occurrence and are even on the rise. Examples like this recent voter registration exposure demonstrate the critical nature of protecting citizens’ best interests at every turn, especially online.
The potential abuse with this information further supports the need for secure printing solutions developed specifically for government usage. If you are a government agency, considering taking a closer look at Nuance’s offerings for document management, cloud print security and compliance. Also, stay tuned for future blog posts that take a closer look at security issues in government and best practices for improving overall security.