An independent computer security researcher uncovered a database of information on 191 million voters that is exposed on the open Internet due to an incorrectly configured database, he said on Monday.
The database includes names, addresses, birth dates, party affiliations, phone numbers and emails of voters in all 50 U.S. states and Washington, researcher Chris Vickery said in a phone interview.
Vickery, a tech support specialist from Austin, Texas, said he found the information while looking for information exposed on the Web in a bid to raise awareness of data leaks.
“I want our society to respect privacy more,” he said. “We need serious referendum on the way private data is handled.”
He said he has uncovered about 80 exposed databases, including the recent reported exposure of data on millions of fans of Sanrio Co Ltd’s Hello Kitty.
Vickery said he could not tell whether others had accessed the voter database, which took about a day to download.
While voter data is typically considered public information, it would be time-consuming and expensive to gather a database of all American voters. A trove of all U.S. voter data could be valuable to criminals looking for lists of large numbers of targets for a variety of fraud schemes.
“The alarming part is that the information is so concentrated,” said Vickery.
Vickery said he has not been able to identify who controls the database. He said he is working with U.S. federal authorities to find the owner so they can remove it from public view. He declined to identify the agencies.
A representative with the Federal Bureau of Investigation declined to comment on the matter.
A representative with the U.S. Federal Elections Commission, which regulates campaign financing, said the agency does not have jurisdiction over protecting voter records.
Regulations on protecting voter data vary from state to state, with many states imposing no restrictions. California, for example, requires that voter data be used for political purposes only and not be available to persons outside of the United States, according to the website of NationBuilder, a company that sells voter records.
Privacy advocates said Vickery’s findings were troubling.
“Privacy regulations are required so a person’s political information can be kept private and safe,” said Jeff Chester, executive director of the Washington-based Center for Digital Democracy. The leak was first reported by CSO Online and Databreaches.net, computer and privacy news sites that Vickery said helped him attempt to locate the database’s owner.
(Reporting by Jim Finkle and Dustin Volz; Editing by Jonathan Oatis)