Security Market Segment LS
Friday, 18 August 2017 11:33

Chicago voter database left open on Amazon cloud


The entire database of 1.8 million Chicago voters was left open to all and sundry on an Amazon cloud-based storage site which was configured for public access.

Cyber security firm UpGuard discovered the database which included voter names, addresses, phone numbers, driver’s licence numbers, and partial Social Security numbers. The database was operated by Omaha-based voting machine firm Election Systems & Software.

It appeared to have been produced around the time of the 2016 general election for the Chicago Board of Election Commissioners, an ES&S customer since 2014, the company said.

The data was found by UpGuard's director of strategy Jon Hendren.

The contents were almost completely downloadable by anyone who accessed the Web address. 

It was located at the AWS S3 subdomain “chicagodb”, and the main repository had two folders: “Final Backup_GeneralNov2016” and “Final Backups_6_5_2017,” .

There was also a 12GB MSSQL database file. Many filenames indicated the name of ES&S, a prominent US provider of voting machines and associated software.

Hendren notified UpGuard's director of Cyber Risk Research, Chris Vickery, who is well known for finding such data on the Web.

He analysed the data and found that it consisted of a 12GB file, a 2.6GB file and a 1.3GB file stored in each folder.

Each was a separate copy of a database containing the personal information of 1.864 million Chicago voters. The affected municipality was notified and the repository was secured on 12 August.

"While the databases contain a large number of SQL tables, with filenames including such phrases as 'BallotImages', 'polldata_summary', and 'pollworker_times', of perhaps greatest interest is the table set titled 'dbo.voters'," UpGuard said.

"This dataset lists the 1.864 million Chicago voters, each assigned a unique, internal voter ID, as well as their names, addresses, dates of birth, and more identifying details across dozens of columns."

The UpGuard staffer who wrote the article about the discovery, Dan O'Sullivan, is a Chicago resident and registered voter, and he was able to verify the accuracy of the data by looking himself up. 

"The rapid closure of this breach by ES&S, and the ready co-operation of the City of Chicago in securing this data, is good news for all registered voters in the city," UpGuard said. 

"Once an exposure is found to have happened, it is imperative to move swiftly to foreclose upon the possibility of any exploitation of the data by malicious actors. 

"However, for real cyber resilience to take hold, IT enterprises must begin to craft processes capable of checking and validating any such openings before it reaches the public Internet, lest the barn door be closed only after the horse has bolted."


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments