Databreaches and other sites are reporting that a database of 191 million voters is available publicly online. As of this morning, after a week of trying to track down the owner of the database, the owner is still a mystery. 191 million is likely the number of registered voters in the United States.
Depending on the state, voter information may be unrestricted (such as Colorado) or confidential (such as California), free or very expensive to buy.
So what is in this database?
Besides your first and last name, home and mailing addresses, date of birth, gender , ethnicity, party affiliation, the date you registered to vote, your email address if you provided one, your state voter ID, whether you are a permanent absentee voter, whether you are on the do not call list, whether you voted in each primary and general election since 2000 and other information.
Voter campaigns are big data wonderlands. Some of the lists include whether you are a gun owner or pro or anti abortion, whether you are likely to vote a straight party ticket or not or stuff like that.
During campaign season, when you get a phone call asking you about your thoughts, the reason is so that they can fill in the blank fields in their database and sell it to campaigns.
Technically, this is not a breach – at least for residents for some states. For other states it might be. For some of the data, for the companies who sell it, they are probably not thrilled that anyone who can find it can download it for free. One firm charges $270,000 for a single copy of the database. If it is free, it could, kind of, cut into their revenue stream.
Obviously for some people, having their home address, phone number and other information publicly available – like police officers, attorneys, public defenders and activists – could put their lives in danger.
However, that genie is out of the bottle now. If you are in that group for who this is a life safety issue, you should be on alert because at this point we have no idea how long the data has been exposed, who has downloaded it or how it has been shared.
I guess it is good news that the database does not include social security numbers, driver’s license numbers or credit card information, but that doesn’t make me sleep a whole lot easier.
However, until Congress decides to do something about it, for the most part, you have no control over things. An individual state legislature – like California has done – can set rules on the use of this data. The California AG, NY FBI office and the Internet Crime Center have all been notified. It is just not clear if this is a crime.
As of right now, the database is apparently offline. Too little, too late.
A complete list of fields is available here.
Information for this post came from Chris Vickery, who discovered this glitch and Databreaches.