Voter registration records of 191 MILLION Americans is leaked in database

• e-mail

An independent computer security researcher uncovered a database of information on 191 million voters that is exposed on the Internet due to an incorrectly configured database, he said on Monday.

The database includes full names, addresses, birth dates, party affiliations, phone numbers and emails of voters in all 50 U.S. states and Washington, researcher Chris Vickery said in a phone interview.

Vickery, a tech support specialist from Austin, Texas, said he found the database while looking for information exposed on the Web in a bid to raise awareness of data leaks.

Independent computer security researcher, Chris Vickery, uncovered a database of information on 191 million voters that is exposed on the Internet due to an incorrectly configured database, he said on Monday (file photo)

'I needed to know if this was real, so I quickly located the Texas records and ran a search for my own name. I was outraged at the result,' Vickery told CSO Online.

'Sitting right in front of my eyes, in a strange, random database I had found on the Internet, were details that could lead anyone straight to me. How could someone with 191 million such records be so careless?'

The database also includes a detailed voting history since 2000, fields for voter prediction scores, a unique voter ID, state voter ID, gender and a yes/no field for if their number is on the national do-not-call list, according to CSO Online.

Vickery said he could not tell whether others had accessed the voter database, which took about a day to download. 

He contacted DataBreaches.net last Sunday to report that he had uncovered the database with 191,337,174 million Americans' voter information exposed as a result of the incorrectly configured database.

'Thankfully, there are no Social Security numbers, driver's license numbers, or any financial information in this particular database, but full name, date of birth, and address and phone number with political party and other fields – are problematic enough when it comes to protecting our privacy and security,' the Databreaches.net report said.

While voter data is typically considered public information, it would be time-consuming and expensive to gather a database of all American voters. 

A trove of all U.S. voter data could be valuable to criminals looking for lists of large numbers of targets for a variety of fraud schemes.

'The alarming part is that the information is so concentrated,' Vickery said.

Vickery said he has not been able to identify who controls the database, but that he is working with U.S. federal authorities to find the owner so they can remove it from public view. He declined to identify the agencies. 

A representative with the Federal Bureau of Investigation declined to comment on the matter.

A representative with the U.S. Federal Elections Commission, which regulates campaign financing, said the agency does not have jurisdiction over protecting voter records. 

CSO Online said the exposed information may have originally come from campaign software provider NationBuilder because the leak included data codes similar to those used by that firm.

In a statement, NationBuilder Chief Executive Officer Jim Gilliam said the database was not created by the Los Angeles-based company, but that some of its information may have come from data it freely supplies to political campaigns.

Vickery said he could not tell whether others had accessed the voter database, which took about a day to download. Above shows a screen grab following Vickery's search of his own record in the database

'From what we've seen, the voter information included is already publicly available from each state government, so no new or private information was released in this database,' Gilliam said. 

Gilliam also said that they do not provide access to anyone for non-political purposes or that would violate any state's laws, according to FORBES. 

Regulations on protecting voter data vary from state to state, with many states imposing no restrictions. 

California, for example, requires that voter data be used for political purposes only and not be available to persons outside of the United States.

Privacy advocates said Vickery's findings were troubling.

'Privacy regulations are required so a person's political information can be kept private and safe,' Jeff Chester, executive director of the Washington-based Center for Digital Democracy, said.

The leak was first reported by CSO Online and Databreaches.net, computer and privacy news sites that Vickery said helped him attempt to locate the database's owner. 

'I want our society to respect privacy more,' Vickery said. 'We need serious referendum on the way private data is handled.'

Vickery said he has uncovered about 80 exposed databases, including the recent reported exposure of data on millions of fans of Sanrio Co Ltd's Hello Kitty.