Capitol Fax.com - Your Illinois News Radar » Millions of Illinois election records were exposed by contractor’s unsecured databases
SUBSCRIBE to Capitol Fax      Advertise Here      About     Exclusive Subscriber Content     Updated Posts    Contact Rich Miller
CapitolFax.com
To subscribe to Capitol Fax, click here.
Millions of Illinois election records were exposed by contractor’s unsecured databases

Tuesday, Sep 17, 2024 - Posted by Isabel Miller

* WIRED last month

Databases containing sensitive voter information from multiple counties in Illinois were openly accessible on the internet, revealing 4.6 million records that included driver’s license numbers as well as full and partial Social Security Numbers and documents like death certificates. Longtime security researcher Jeremiah Fowler stumbled upon one of the databases that appeared to contain information from DeKalb County, Illinois, and subsequently discovered another 12 exposed databases. None were password protected nor required any type of authentication to access. […]

“I’ve found voter databases in the past, so I kind of know if it’s a low-level marketing outreach database that someone has purchased,” Fowler tells WIRED. “But here I saw voter applications— there were actually scans of documents, and then screenshots of online applications. I saw voter rolls for active voters, absentee voters with email addresses, some of them military email addresses. And when I saw Social Security numbers and driver’s license numbers and death certificates I was like, ‘OK, those shouldn’t be there.’”

Through public records, Fowler determined that all of the counties appear to contract with an Illinois-based election management service called Platinum Technology Resource, which provides voter registration software and other digital tools along with services like ballot printing. Many counties in Illinois use Platinum Technology Resource as an election services provider, including DeKalb, which confirmed its relationship with Platinum to WIRED.

Fowler reported the unprotected databases to Platinum on July 18, but he says he didn’t receive a response and the databases remained exposed. As Fowler dug deeper into public records, he realized that Platinum works with the Illinois-based managed services provider Magenium, so he sent a disclosure to this company as well on July 19. Again, he says he did not receive a response, but shortly after the databases were secured, pulling them from public view. Platinum and Magenium did not return WIRED’s multiple requests for comment.

* Capitol News Illinois today

Fowler identified 15 unsecure databases before contacting several county clerks and eventually a technology vendor that is contracted to provide services for those counties.

Fowler told Capitol News Illinois that the list of counties affected include Alexander, Boone, Champaign, DeKalb, Effingham, Gallatin, Hamilton, Henry, Jefferson, Ogle, Pike, Sangamon, St. Clair, Williamson and Winnebago.

He traced the issue to Platinum Technology Resource, an elections technology company based in Batavia. It is unclear if anyone other than Fowler accessed the information, although Platinum has denied that any voter registration forms were “leaked or stolen.”

Capitol News Illinois contacted county clerks in all of the counties Fowler identified. All but one, Alexander County, responded and indicated they had been in communication with Platinum about the issue. One other county, Henry, denied that they were affected by the incident. […]

Platinum’s website indicates it currently contracts with 20 election authorities around Illinois. A Capitol News Illinois review of 12 of its contracts showed they had a cumulative value of more than $1.7 million of annual license fees ranging from about $4,500 to $58,000.

       

11 Comments
  1. - Perrid - Tuesday, Sep 17, 24 @ 9:32 am:

    The first time Rich posted this I think it only mentioned DeKalb and I thought I might not be affected, but apparently not. Sigh.


  2. - hisgirlfriday - Tuesday, Sep 17, 24 @ 9:51 am:

    Not the first time this company shows up in a screwup

    https://www.bnd.com/news/politics-government/article68395487.html


  3. - OutHereInTheMiddle - Tuesday, Sep 17, 24 @ 10:11 am:

    And like every breach of personal information nothing will happen because there are no meaningful privacy laws in the US.


  4. - Two Left Feet - Tuesday, Sep 17, 24 @ 10:31 am:

    Regardless of your political affiliation, we could do so much more to secure our elections. Breaches like this reduce the public’s trust in the system. I’m just spitballing ideas, but consider using the services of Jeremiah Fowler and other white hats to perform regular security audits. Let’s not wait for evidence of breaches and wrongdoing, and spend more resources on prevention.


  5. - Nearly Normal - Tuesday, Sep 17, 24 @ 10:39 am:

    News like this does not help assure voters that the election process is secure. This just feeds into the conspiracy theories out there that the voting was and still can be rigged. Just what we don’t need with an upcoming presidential election that may be the closest in history. As an election judge, I have had voters who won’t use the electronic voting machines because they think they can be rigged. They want a paper ballot. Well, guess what? the paper ballot is fed into an electronic counter. I don’t tell them that but everything is taken to the County Clerk’s office and reran on their machines.


  6. - H-W - Tuesday, Sep 17, 24 @ 10:54 am:

    Thanks to Fowler. Good work.

    Perhaps I am off-base, but I prefer news like this. It suggests a problem was found, and the problem was resolved. This is a common model for cyber-security experts: try to break into a system in order to find out if a system is broken. As a result, we know that those voter rolls are now secured.

    Ironically, now that we have less reason to fear, I am certain some will use this new information to suggest (falsely) that we are now less secure.


  7. - Candy Dogood - Tuesday, Sep 17, 24 @ 11:59 am:

    These counties essentially paid a vendor who published these records on the website for anyone with any interest to access and retain.

    Hopefully they’re adequately upset. This wasn’t a whoopsies.


  8. - Suburban Mom - Tuesday, Sep 17, 24 @ 12:06 pm:

    You should start with the assumption that all data will eventually be breached, and work from there. If you know that all your data, everywhere, would be breached, what societal and legal protections would you like to have in place? You can’t protect yourself; it has to be a systemic set of solutions.


  9. - Give Us Barabbas - Tuesday, Sep 17, 24 @ 12:16 pm:

    A data breach like this is a bell you can’t unring; your personal data was out there, and you can bet someone else besides the white hat hacker slurped that data up with automatic data scraper bots. Next stop the darkweb brokers. This company needs a very strong punishment in order to be a warning to the others.


  10. - Two Left Feet - Tuesday, Sep 17, 24 @ 12:44 pm:

    “Perhaps I am off-base, but I prefer news like this”

    Preferred relative to what? I prefer a regularly scheduled audit by election authorities (including any third party providers) which includes compliance with laws including the handling of personal information. The audit would list deficiencies and the steps taken to correct. The audit is made public. Many other governmental entities do this. It does not make the public confident in the election process when a breach is publish in a national news source shortly before voting begins. Did Fowler reach out to the election authorities? Did the county clerks and third party providers notify the individual impacted by the breach?


  11. - thisjustinagain - Tuesday, Sep 17, 24 @ 6:46 pm:

    Why isn’t all this data encrypted, when I can encrypt on my lowly home machine??


TrackBack URI

Sorry, comments for this post are now closed.


* Showcasing The Retailers Who Make Illinois Work
* Reader comments closed for the holidays
* And the winners are…
* SUBSCRIBERS ONLY - Update to previous editions
* Isabel’s afternoon roundup
* Report: Far-right Illinois billionaires may have skirted immigration rules
* Question of the day: Golden Horseshoe Awards (Updated)
* Energy Storage Brings Cheaper Electricity, Greater Reliability
* Open thread
* Isabel’s morning briefing
* SUBSCRIBERS ONLY - Today's edition of Capitol Fax (use all CAPS in password)
* Live coverage
* Selected press releases (Live updates)
* Yesterday's stories

Support CapitolFax.com
Visit our advertisers...

...............

...............

...............

...............

...............

...............

...............


Loading


Main Menu
Home
Illinois
YouTube
Pundit rankings
Obama
Subscriber Content
Durbin
Burris
Blagojevich Trial
Advertising
Updated Posts
Polls

Archives
December 2024
November 2024
October 2024
September 2024
August 2024
July 2024
June 2024
May 2024
April 2024
March 2024
February 2024
January 2024
December 2023
November 2023
October 2023
September 2023
August 2023
July 2023
June 2023
May 2023
April 2023
March 2023
February 2023
January 2023
December 2022
November 2022
October 2022
September 2022
August 2022
July 2022
June 2022
May 2022
April 2022
March 2022
February 2022
January 2022
December 2021
November 2021
October 2021
September 2021
August 2021
July 2021
June 2021
May 2021
April 2021
March 2021
February 2021
January 2021
December 2020
November 2020
October 2020
September 2020
August 2020
July 2020
June 2020
May 2020
April 2020
March 2020
February 2020
January 2020
December 2019
November 2019
October 2019
September 2019
August 2019
July 2019
June 2019
May 2019
April 2019
March 2019
February 2019
January 2019
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
December 2016
November 2016
October 2016
September 2016
August 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016
December 2015
November 2015
October 2015
September 2015
August 2015
July 2015
June 2015
May 2015
April 2015
March 2015
February 2015
January 2015
December 2014
November 2014
October 2014
September 2014
August 2014
July 2014
June 2014
May 2014
April 2014
March 2014
February 2014
January 2014
December 2013
November 2013
October 2013
September 2013
August 2013
July 2013
June 2013
May 2013
April 2013
March 2013
February 2013
January 2013
December 2012
November 2012
October 2012
September 2012
August 2012
July 2012
June 2012
May 2012
April 2012
March 2012
February 2012
January 2012
December 2011
November 2011
October 2011
September 2011
August 2011
July 2011
June 2011
May 2011
April 2011
March 2011
February 2011
January 2011
December 2010
November 2010
October 2010
September 2010
August 2010
July 2010
June 2010
May 2010
April 2010
March 2010
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
December 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004

Blog*Spot Archives
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005

Syndication

RSS Feed 2.0
Comments RSS 2.0




Hosted by MCS SUBSCRIBE to Capitol Fax Advertise Here Mobile Version Contact Rich Miller