US election machine leaks data of millions of Chicago voters

19 Aug 2017

The Chicago Board of Elections Commissions said that names, addresses, birth dates and other information related to Chicago's 1.8 million registered voters was left exposed and publicly available online on an Amazon cloud-computing server for an unknown period of time.

The database file was discovered on 11 August by a security researcher at Upguard, a company engaged in the evaluation of cyber risk. The company alerted election officials in Chicago on 12 August and the file was taken down three hours later. The exposure was first publicly acknowledged Thursday.

Election Systems & Software, an Omaha, Nebraska -based contractor that provides election equipment has oversight of the database and software.

The voter data which was a back-up file stored on Amazon's AWS servers and included partial Social Security numbers, and in some cases, driver's license and state ID numbers, Election Systems & Software said in a statement.

The AWS cloud service of Amazon provides online storage, but security settings configuration of for the service is the user's responsibility and is not set by Amazon. 

According to commentators, as the default for all of AWS' cloud storage is set to be secure, the public configuration would likely have been the handiwork of someone within ES&S.

Meanwhile, ES&S confirmed on Thursday that it exposed the personal information of more than 1.8 million Illinois residents.

Meanwhile, The FBI notified ES&S this week, which launched its own ''full investigation'' with UpGuard's assistance, ''to perform thorough forensic analyses of the AWS server,'' the company said in a statement, adding that the investigation is still ongoing.

According to ES&S the AWS server did not include ''any ballot information or vote totals and were not in any way connected to Chicago's voting or tabulation systems.''

According to the company, the leak had ''no impact on the results of any election.''