[BreachExchange] 99% of Texas Voter Records Exposed

Destry Winant destry at riskbasedsecurity.com
Mon Aug 27 09:14:16 EDT 2018


https://www.infosecurity-magazine.com/news/99-of-texas-voter-records-exposed/

Election security has again been called into question after millions
of Texas voter records were left exposed. A file discovered by Flash
Gordon, a New Zealand-based data breach hunter, was left on an
unsecured server without a password, according to TechCrunch. Of the
15.2 million total registered Texas voters, an astounding 14.8 million
records were left exposed on a single file.

The data in the file was reportedly compiled by a conservative-focused
data firm, The Data Trust, and contained personal information such as
voter’s name, address, gender and several years’ worth of voting
history, including primaries and presidential elections.

“The data also included gauges on voters’ views regarding immigration,
abortion and the Second Amendment. The file also held data assessing
if voters trusted Hillary Clinton,” The Hill reported.

The news comes at a time when trust in data protection and privacy
with regard to voting is low. Confirmation of Russian meddling has set
off alarms across the aisle as candidates move toward midterm
elections. That 14.8 million personal records of Texas voters were
found on an unprotected server, without even the basic security
measure of a password, does little to boost confidence in election
systems, said Bill Evans, a vice president at One Identity.

“The idea of having a database like this sitting with no password is
such an incredible lapse in judgment today. While we all know that
keeping up with password best practices can be somewhat annoying –
forgetting and resetting them in a broken cycle – it is inexcusable
and maybe illegal to leave data that contains personal information
like this completely unprotected,” Evans said.

“It is a good reminder, however, and call to action for any
organization that is storing sensitive data, that it is their
responsibility to ensure security, as well as authentication to access
it. There are four basic security measures that should be part and
parcel of doing business today. Those include end-user education,
multi-factor authentication, privileged-access management, and access
governance to ensure only the right people have the right access to
the right things at the right time.”


More information about the BreachExchange mailing list