Personal information, including names, addresses, and dates of birth, of nearly two million registered voters in Chicago was leaked online on an Amazon cloud-computing server, officials said.
According to a report in USA Today on Saturday, a file of the voter database was discovered on August 11 by a cyber security researcher, who informed election officials of the exposure the following day.
“The file was taken down three hours after officials were informed, and the incident was made public on Thursday,” the report said.
Chicago’s Board of Election Commission stored the back-up data files on Amazon Web Services’ servers that included partial Social Security numbers, driver’s licence and state identification numbers, among other personal information of voters.
According to the officials, Amazon Web Services provides online service, but the security configurations are determined by the user.
“Amazon’s cloud is by default programmed to be secure, so someone within Electronic Systems and Software — US’s largest voting systems vendor — must have changed the settings to public,” officials said.
According to the Electronic Systems and Software, it would review its procedures and protocols to ensure that its systems and data are secure in order to prevent similar situations from happening again.
“We were deeply troubled to learn of this incident, and very relieved to have it contained quickly,” Marisel Hernandez, Chicago Election Board Chairperson, said.
She said the board has been in steady contact with the Electronic Systems and Software to order and review the steps that must be taken, including the investigation of the Electronic Systems and Software’s Amazon Web Services server.
The incident is concerning for the US as it has come at a time when the debate into an alleged Russian meddling in the 2016 presidential election is going unabated.
“If the breach in Chicago is an indicator of the Electronic Systems and Software’s security competence, it raises a lot of questions about their ability to keep both the voting systems they run and their own networks secure,” Susan Greenhalgh, an election specialist with Verified Voting, a non-partisan election integrity non-profit, said.