Hackread reports that Illinois had 4.6 million voter and election documents exposed from 13 databases that lacked any security authentication measures.
Included in the information leaked by the misconfigured databases were individuals' names, addresses, Social Security numbers, and other sensitive personally identifiable information, as well as ballot templates and other election records, a report by cybersecurity researcher Jeremy Fowler published on vpnMentor showed. Further examination revealed that the counties with the exposed data were involved with election management, ballot printing, and voter registration software provider Platinum Technology Resource, whose Elections Services business is supported by tech firm Magenium. "The potential risk of a coordinated disinformation campaign using voter lists and voter registrations is a serious concern. All publicly exposed databases have already been secured by Platinum Technology Resource and Magenium after being notified. Having PII of voters would potentially allow malicious actors to send them misleading information based on their party affiliation," said Fowler, who recommended the utilization of time-limited access tokens, encryption, and other access controls in databases to prevent possible compromise.
