You are here

Voter Information Compromised

Every democracy grants its citizens a constitutional right to vote. Any popular election requires huge databases containing personal details and sensitive information on political and other preferences of voters. Such databases may be maintained by both government bodies and analytical companies, which doubles the threat to information integrity, with negligent third-party companies seeming to cause a more significant damage in the event of data compromising.

This is a digest of major voter data leaks prepared by InfoWatch Analytical Center.

The largest such leak happened in June 2017 in the USA. Deep Root Analytics, a data analytics contractor employed by the Republican National Committee (RNC), accidentally left files containing information on 198 million voters (more than 60% of the entire U.S. population and approximately 80% of all citizens eligible to vote) in an Amazon cloud account that could be browsed without logging in. The files discovered by the security firm UpGuard were part of 25-terabyte database containing names, addresses of voters, as well as modeled data about voters’ likely positions on different issues, including information on how likely particular individuals voted for Obama in 2012, whether they agree with the Trump foreign policy of ‘America First’, and so on. It was found out that these data were exposed for almost two weeks.

A year and a half before that, personal information of 191+ million U.S. voters was leaked through a similarly misconfigured storage. Such a database is a real godsend to marketing or political research firms, as well as journalists, scientists, and politicians.

In April 2016, UpGuard experts discovered a massive database of 87 million Mexican voter records publicly accessible on the Internet, including names, addresses, dates of birth, and voter ID numbers. The password-free database was also found on a cloud server provided by Amazon Web Services. Soon after AWS was notified of the exposure, the database was no longer publicly accessible.

In April 2016, the Philippines saw the largest leak in its history, when a computer was stolen from the Philippines Commission on Elections (COMELEC), containing personal information of 55 million voters. The damage was even more grave as the leak compromised not only traditional personal data of voters, but also their biometric identity. Even though the COMELEC claimed that data had been encrypted, you would never know whether criminals could extract them or not.

Several years ago, Colombia saw a scandalous incident involving voter personal information. National Registry director accused the policemen of illegal data acquisition, as, during an investigation into alleged election irregularities in the southwestern part of the country, they removed two hard drives containing the details of 31 million voters from the Registry without the appropriate warrant.