If you’ve voted in a national American election since 2000, your name, street address, phone number, date of birth and more may be found in an unsecured, 300 GB database brought to public attention by Austin-based IT specialist Chris Vickery.
Vickery, who in September drew attention to a leak of 1.5 million medical records, reported the database to DataBreaches.net in mid-December. The database is now offline, but no one has taken responsibility for its existence and exposure. While it was online, anyone could obtain the database with no authentication.
In an interview with Reuters, Vickery emphasized that the “alarming part is that the information is so concentrated,” removing the deterring expense and time consumption of the task of compiling such a database. A trove of all U.S. voter data could be valuable to criminals looking for lists of large numbers of targets for a variety of fraud schemes.
DataBreaches.net reports that the state of California may take on the investigation of the owner of the database. Laws about securing voter data differ from state to state; in California, voter data must be available only to persons within the United States, a regulation clearly broken in this case. In South Dakota, the access to such data must be restricted, which was not the case here.
We’ll update this story in further blog posts as it develops.
UPDATE 1/4/16: Forbes reports that a second database has been discovered, holding as many as 54 million voters’ records, and that the researcher who found both believes they are tied to United In Purpose, a pro-conservative group.