Data Backup Digest

It seems as if the data leaks just keep on coming. It’s been several months since the latest U.S. presidential election, but databases containing private voter information, including first and last names, home address, birthdates and even driver’s license numbers, continue to face exposure online. The latest incident involves a database owned by the Chicago Board of Election and the contact information of nearly 2 million registered voters.

Although it belonged to the Chicago Board of Election, the database itself was overseen and maintained by a third-party known as Election Systems & Software. Based out of Omaha, Nebraska, they’ve been a popular provider of election-oriented software and hardware across the entire United States. But the recent leak has some experts wary.

Susan Greenhalgh, an expert on the election process and an employee of non-partisan non-profit known as Verified Voting, echoed these sentiments by saying: ''“Not only does ES&S provide the voting equipment, in many jurisdictions ES&S programs and helps to run the equipment for election officials. If the breach in Chicago is an indicator of ES&S's security competence, it raises a lot of questions about their ability to keep both the voting systems they run and their own networks secure.”

Despite the fact that they weren’t in direct control over the database, officials with the Chicago Board of Election moved quickly to minimize the damage and contain the leak. As stated by chairwoman Marisel Hernandez: "We were deeply troubled to learn of this incident, and very relieved to have it contained quickly. We have been in steady contact with ES&S to order and review the steps that must be taken, including the investigation of ES&S’s AWS server.”

Luckily for the Chicago Board of Elections and the voters of Chicago, this information never made it into the hands of hackers or identity thieves. The leak was discovered by a security expert with Upguard, a company who specializes in online security, and the data was secured within hours after learning about the leak. But given the current number of cyber-threats and the current Russia-sponsored attacks on U.S. voting systems, this is a leak that isn’t being taken lightly.

Even if hackers didn’t get a hold of this specific database, recurring events like this highlight serious security flaws in online databases. Ben Johnson, chief technical officer with Obsidian Security and a Chicago voter, stated: “Every copy of data is a liability, and as it becomes easier, faster, and cheaper to transmit, store, and share data, these problems will get worse. It’s hard to say malicious actors have found the data, but it is likely some were already hunting for it. Now, with more headlines and more examples of where to look, you can bet that malicious actors have already written the equivalent of search engines to more automatically find these hidden treasures of sensitive data.”''

To find out more information on UpGuard, the computer security company that originally found the leak, please visit their official website at {{https://www.upguard.com/|www.upguard.com}}.