Advertisement

Robocall company exposes hundreds of thousands of voter records

Names, addresses and political affiliations were left accessible.

Hundreds of thousands of voter records were left exposed on an Amazon S3 bucket, ZDNet reports, this time by Virginia-based robocalling firm Robocent. Among the information that was left accessible were names, home addresses, gender, phone numbers, age, birth years, ethnicity, education and language spoken as well as state-provided or inferred political leanings such as "weak Democrat," "hard Republican" and "swing" voter. The cache contained nearly 2,600 files, including audio recordings of political messages.

The records were spotted by Bob Diachenko, Kromtech Security's head of communications, who notified Robocent of the leak. The data were secured shortly thereafter and the company's co-founder, Travis Trawick, told ZDNet that the records contained in the cache were from "an old bucket from 2013-2016 that hasn't been used in the past two years." It's unclear how long the records were exposed, but Robocent says it's looking into the leak. Trawick said those who were affected will be notified if Robocent is "required by law" to do so.

It has been a bad few years for voter data security. Last year, information on nearly 200 million US citizens was exposed by a political ad-targeting strategist, and a voting machine supplier leaked personal information from over 1.8 million Chicago residents. In 2016, the Republican Party of Iowa exposed information from around 2 million voters and in 2015, a badly configured database was spotted exposing voter registration info, including addresses, party affiliations and voter IDs, for 191 million Americans.

Last year, Harvard researchers also found that some states' voter registration websites left voter records vulnerable to manipulation and earlier this year, the Department of Homeland Security revealed that Russian forces accessed a number of US states' voter registration databases ahead of the last presidential election.