Security consultants say they discovered an unsecured online database with information on nearly 600,000 Alaska voters last week.
The database had more detail than what would have already be publicly available through the Alaska Division of Elections. Analysts at Kromtech Security found the information online without any password requirements, meaning it was accessible – for a time – to anyone with a web browser.
Jeremiah Fowler is a security analyst for Kromtech. He says his company contacted the database owners, who have since added protections to secure the information.
“We have an aging electoral system that’s struggling to keep up with technology in the digital age, so there’s a lot of risk and a lot of ways this data could be used,” Fowler said.
The database included common information like names, dates of birth and marital status, but it also had more personal details, such as household income, ages of an individual’s children or whether they are a homeowner.
Fowler said another vendor had compiled the database on Alaska voters and bypassed security options on their server, including requiring login credentials or a password, to make it easier for their clients to access.
Clients that buy access to such databases are often political groups trying to better target their campaign resources. But Fowler said neither the vendor or the company that owned the data on Alaska voters would name their client.
And Fowler said it’s hard to know whether anyone accessed the information while it was not secure or what someone might do with it.
“When it comes to cyber crime, I’m surprised and surprised again, by the creativity and the lengths people will go to commit crimes,” Fowler said.
While the database included roughly 60,000 more names than the number of registered Alaska voters in the state’s records, such compilations often include duplicate or outdated entries.