After a tumultuous year of data breaches affecting everyone from toy companies to government agencies, 2016 is starting off with another blow to online security as a database of 191 million registered U.S. voters was discovered online, open for public viewing.
The misconfigured database was discovered by Chris Vickery, who worked with the security website Databreaches and IT expert and security blogger Steve Ragan, who found his own information listed on it. It was taken offline on December 28, but Vickery explained that its presence can still pose a threat to the people whose information it revealed, especially when it comes to identity theft.
According to Databreaches, these lists are already known to include name, date of birth, gender and address, which is already plenty of information for identity thieves, but it’s possible that there could be more. Voter lists can also provide ethnicity, party affiliation, email address, phone number, state voter ID and status on the “Do Not Call” list.
Thankfully, the lists did not include Social Security Numbers or driver’s license numbers. However, Databreaches pointed out that the amount of personal information made available by the leak is still troublesome.
Databreaches explained that “databases developed for political campaigns may also include whether or not you voted in the last general or primary elections, whether you appeared to follow a party line vote, and there may be a score predicting whether you’re likely to vote in an upcoming election or for a particular party or candidate.”
Some of these databases go even more in depth too, especially if they’re developed for issue-oriented campaigns or nonprofits, providing information as far as religious affiliation, stance on abortion and gun control, and other similar details.
What’s tricky about this database leak, though, is that this information isn’t always private to begin with. It’s particularly valuable to campaign consultants and marking firms, and is often made available to them. The usage of these details varies depending on state laws. For example, in California, this information is considered confidential and highly restricted. On the other hand, some states disclose the information to those who agree to not use it for commercial purposes and not place it for unrestricted access on the internet.
However, unlike the leaked database, legally obtaining a voter list is costly, and that number increases depending on how much information it provides, according to Vickery. For example, a database of all U.S. voters can be sold for around $270,000. The recent scandal of Bernie Sanders’ staff accessing Hillary Clinton’s campaign database demonstrates just how valuable this information is for political purposes. So far, no culprit has been revealed but Vickery and Ragan said they will continue to investigate the leak and update the public on any new developments.
If you’re concerned about the state of your personal information and vulnerability to identity theft, you can invest in a credit monitoring service that can alert you to certain activity that may indicate fraud and give you much-needed peace of mind.