BreachExchange mailing list archives
Re: Chicago Voter Database Hacked
From: "Dissent" <Dissent () pogowasright org>
Date: Tue, 24 Oct 2006 09:16:11 -0400 (EDT)
Some additional details here: http://www.chicagotribune.com/technology/chi-0610240029oct24,1,3303012.story?coll=chi-techtopheds-hed&ctrack=1&cset=true Chicago election officials said Monday they were forced to patch a security flaw on their Web site after a candidate found a programming error that had made private voter information vulnerable to theft for at least five years. Officials said the glitch never threatened the integrity of election records. But they now have to determine whether anyone exploited the opportunity to steal the Social Security and birth date information from more than 780,000 registered voters in the city. "We don't have any evidence that there was any theft," said Tom Leach, a spokesman for the Chicago Board of Election Commissioners. "But we don't want to be in a position where someone had their Social Security and date of birth stolen." Officials acknowledged that for the last five or six years it would have only taken a few keystrokes for a knowledgeable computer user to obtain the personal information for more than half of the 1.3 million identities in the system. Leach said that the error was fixed late Friday and that the Cook County state's attorney has been informed of the situation and the potential for identity theft. He said the board plans to hire a computer forensics expert to determine if personal information was stolen. Leach said the private information was on the Web site because when it was first created in the mid-1990s, users were allowed to search for their registration by Social Security number. That option was dropped in 2000 or 2001, he said, adding that since 2003 officials have stopped collecting full Social Security numbers from new voters. Until the bug was fixed, the private information could be viewed by using a feature in a Web browser that allows the user to see the raw data that underlie the page. [...] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 138 million compromised records in 441 incidents over 6 years.
Current thread:
- Chicago Voter Database Hacked security curmudgeon (Oct 24)
- Re: Chicago Voter Database Hacked Dissent (Oct 24)