According to Chicago’s Board of Election Commissions, 1.8 million of registered voters in Chicago have had their personal information such as names, birthdates, and addresses publicly exposed online on an Amazon cloud-computing server for an unknown period of time.
On August 11th, a researcher at a computer security company discovered a file of the voter database and informed the election officials of the exposure the next day, as told by USA Today. Three hours after the officials had been informed, the file was taken down and the incident became known to the public on Thursday.
Database manager and equipment contractor Election Systems & Software said in a statement that the data in question was a backup file that was stored on Amazon Web Services’ servers and that, besides names, addresses and dates of birth, contained information such as partial Social Security numbers, state identification numbers, and driver’s license.
Amazon Web Services provide online services for which the user chooses the security configurations. By default, Amazon’s cloud is programmed to be secure, which would mean that someone from Election Systems & Software must have changed the privacy settings to public.
The company said in a statement that they will be reviewing their procedures and protocols to make sure that their systems and data are secure so no similar situation happens ever again, USA Today reports.
Chicago Election Board Chairwoman Marisel Hernandez also came forward and stated that the officials in Chicago were deeply troubled to learn of the incident and expressed her relief for the quickness of the containment of the situation. She also said they have been in constant contact with Election Systems & Software to order and review the steps needed to be taken, such as the investigation of ES&S’s AWS server.
This kind of incident doesn’t look good now, at the time when it is known that Russia had breached election systems during the US presidential election. The exposure of the data also raises wider concern when we realize that Election Systems & Software is the largest voting systems vendor in the country.
Susan Greenhalgh, an election specialist with Verified Voting, a non-partisan election integrity non-profit, told USA Today that she thinks that if we can indicate Election Systems & Software’s security competence by the breach in Chicago, this raises a lot of questions about their ability to keep both the voting systems they run and their own networks secure.