A major supplier of US electronic voting machines confirmed that it accidentally exposed voter data of more than 1.8 million Chicago residents.
The unprotected backup files were found on a cloud-based storage site by cybersecurity firm UpGuard, which says the records appear to have been produced ahead of the 2016 US election.
The database, which included names, addresses, dates of birth, partial Social Security numbers and, in some cases, driver’s license and state ID numbers was left unintentionally exposed by voting machine supplier Election Systems & Software (ES&S).
Researchers at the firm UpGuard said the sensitive information was left publicly downloadable on an Amazon Web Services (AWS) device. They say it was “only exposed because the Amazon S3 bucket in question was configured to allow public access, permitting anyone accessing the repository’s URL to download its contents.”
ES&S, based in Omaha, Nebraska, said in a statement that they “promptly secured” the files and shut down the AWS server on August 12, after being alerted to their error.
The company provides voting machines and services in at least 42 states and describes itself as the “world’s largest elections-only company.”
It has now launched a full investigation, with the assistance of a third-party firm, to perform “thorough forensic analyses of the AWS server.”
The files contained no information on how individuals voted and had no impact on the results of any election, according to ES&S.
The Chicago Election Board confirmed to Gizmodo they were aware of and “deeply troubled” by the incident.
UpGuard said the data exposure “highlights the continuing danger of sensitive voter information being exposed to the public internet by third-party vendors hired by party organizations and electoral supervisors to assist in their efforts.”