Security Market Segment LS
Friday, 18 August 2017 11:33

Chicago voter database left open on Amazon cloud


The entire database of 1.8 million Chicago voters was left open to all and sundry on an Amazon cloud-based storage site which was configured for public access.

Cyber security firm UpGuard discovered the database which included voter names, addresses, phone numbers, driver’s licence numbers, and partial Social Security numbers. The database was operated by Omaha-based voting machine firm Election Systems & Software.

It appeared to have been produced around the time of the 2016 general election for the Chicago Board of Election Commissioners, an ES&S customer since 2014, the company said.

The data was found by UpGuard's director of strategy Jon Hendren.

The contents were almost completely downloadable by anyone who accessed the Web address. 

It was located at the AWS S3 subdomain “chicagodb”, and the main repository had two folders: “Final Backup_GeneralNov2016” and “Final Backups_6_5_2017,” .

There was also a 12GB MSSQL database file. Many filenames indicated the name of ES&S, a prominent US provider of voting machines and associated software.

Hendren notified UpGuard's director of Cyber Risk Research, Chris Vickery, who is well known for finding such data on the Web.

He analysed the data and found that it consisted of a 12GB file, a 2.6GB file and a 1.3GB file stored in each folder.

Each was a separate copy of a database containing the personal information of 1.864 million Chicago voters. The affected municipality was notified and the repository was secured on 12 August.

"While the databases contain a large number of SQL tables, with filenames including such phrases as 'BallotImages', 'polldata_summary', and 'pollworker_times', of perhaps greatest interest is the table set titled 'dbo.voters'," UpGuard said.

"This dataset lists the 1.864 million Chicago voters, each assigned a unique, internal voter ID, as well as their names, addresses, dates of birth, and more identifying details across dozens of columns."

The UpGuard staffer who wrote the article about the discovery, Dan O'Sullivan, is a Chicago resident and registered voter, and he was able to verify the accuracy of the data by looking himself up. 

"The rapid closure of this breach by ES&S, and the ready co-operation of the City of Chicago in securing this data, is good news for all registered voters in the city," UpGuard said. 

"Once an exposure is found to have happened, it is imperative to move swiftly to foreclose upon the possibility of any exploitation of the data by malicious actors. 

"However, for real cyber resilience to take hold, IT enterprises must begin to craft processes capable of checking and validating any such openings before it reaches the public Internet, lest the barn door be closed only after the horse has bolted."


Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments