The records were spotted by Bob Diachenko, Kromtech Security's head of communications, who notified Robocent of the leak. The data were secured shortly thereafter and the company's co-founder, Travis Trawick, told ZDNet that the records contained in the cache were from "an old bucket from 2013-2016 that hasn't been used in the past two years." It's unclear how long the records were exposed, but Robocent says it's looking into the leak. Trawick said those who were affected will be notified if Robocent is "required by law" to do so.
It has been a bad few years for voter data security. Last year, information on nearly 200 million US citizens was exposed by a political ad-targeting strategist, and a voting machine supplier leaked personal information from over 1.8 million Chicago residents. In 2016, the Republican Party of Iowa exposed information from around 2 million voters and in 2015, a badly configured database was spotted exposing voter registration info, including addresses, party affiliations and voter IDs, for 191 million Americans.
Last year, Harvard researchers also found that some states' voter registration websites left voter records vulnerable to manipulation and earlier this year, the Department of Homeland Security revealed that Russian forces accessed a number of US states' voter registration databases ahead of the last presidential election.