Illinois voter records leaked via unsecured databases

Cybersecurity researcher Jeremiah Fowler has discovered that Illinois voter records were exposed in unsecured databases. He identified 13 misconfigured databases containing 4.6 million documents related to voter records, ballots, and various election lists. The databases were publicly accessible without passwords or authentication.

The counties mentioned in the exposed databases have contracts with Platinum Technology Resource, a company that provides ballot printing, election management, and voter registration software. Magenium, an Illinois-based technology company, is responsible for the technical support of Platinum Elections Services.

Responsible disclosure notices were sent to both Platinum Technology Resource and Magenium, leading to the restriction of access to the databases.

Exposed Data Types

• Full names
• Physical addresses
• Email addresses
• Dates of birth
• Social Security Numbers (full and partial)
• Driver’s license numbers
• Historical voting records
• Voter registration applications
• Death certificates
• Records of changes in address, jurisdiction, or state

The number of affected individuals is not disclosed. It's not clear whether the databases were exfiltrated by malicious actors.

Criminals could exploit the data for targeted social engineering attacks, identity theft and financial fraud. Election manipulation is also possible by sending misleading information based on party affiliation, potentially undermining trust in the electoral process.