15 million Florida voters’ data leaked on Russian hacking forum

A popular Russian hacking forum has leaked the data of roughly 15 million Florida voters. This leak comes two weeks before the US presidential elections, which will see Republican incumbent Donald Trump vying for reelection against Democratic opponent Joe Biden.

The data leaked on the Russian hacking forum includes Florida voters’ names, voter IDs, phone numbers, addresses, dates of birth, gender, race, party affiliation and more.

It is unclear who is behind the leak, although information contained within the post claims that the database is composed of 50 files merged into one table. The scraped data seems to date from August 2018. Furthermore, as of December 31, 2019, there were only about 13.5 million registered voters in Florida, which means that some of the data included in this leaked database is duplicate. Most of the data contained within the database appears to be publicly available information.

We reached out to the Florida Division of Elections for information on any recent breaches to their systems. A Florida Department of State spokesperson told CyberNews:

"There has been no breach to Florida’s Voter Registration database...The information referenced...is public record under Florida law and is publicly-available voter data provided by the Division of Elections as a result of a public records request. These records are available at no charge to anyone who requests it. These files do not contain the confidential information of a voter if that voter has completed and filed an Address/Identification Confidentiality Request form with the Department of State or the local Supervisor of Elections."

To see if your email address has been exposed in this or other security breaches, use our personal data leak checker.

What data is contained in the leak?

The extensive Florida voter database leak contains 14,973,822 records with about 40 different data points in a 2 GB file. Some of the data being leaked includes:

  • Name
  • Date of birth
  • Phone number
  • Email address
  • Voter ID
  • Voter status
  • Residence address
  • Mailing address
  • Race
  • Gender
  • Registration date
  • Party affiliation
  • Precinct
  • School board district
  • House, Senate and Congressional districts

Below is a screenshot of the leaker's message on the Russian hacking forum:

At the moment, there is no clear information where the information was collected, whether it was stolen from a database or scraped, or who is behind the leak. 

This Florida voter database leak follows a September leak of 7 million Michigan voters’ data. However, the FBI assured American voters in September that no election systems had been hacked this year

Due to the timing, fears of election interference – especially by Russian organizations or foreign entities – have put many Americans on high alert. Therefore, with only two weeks left until the US presidential elections on November 3, 2020, the timing of the Florida voter database leak seems suspicious.

What does this mean for you?

If you are a Florida voter, there’s a high chance that your information has been leaked. While the Florida voting system in general will not be affected by this leak – seeing as this database leak does not contain the really sensitive information of who you’ve voted for – this is nonetheless a treasure trove for cybercriminals and foreign actors.

  • Cybercriminals will be able to use the extensive amount of information contained in this database to create convincing phishing emails. The contact and biographical details contained within, including the names, email addresses, physical addresses, race and gender, can be enough for scammers to perform targeted attacks against the exposed users via spam emails. 
  • They can also target Florida voters based on their party affiliation or voter IDs for phishing-related social engineering or even disinformation campaigns.
  • Other criminals can combine the names, email addresses, dates of birth and phone numbers found in this database with other breaches to build profiles of potential targets for identity theft

If your information was contained in the database, we recommend you:

  • Immediately change your email password and consider using a password manager to create complex passwords 
  • Be on the lookout for potential spam emails and phishing messages in your inbox. Do not click on anything suspicious, including emails from unknown senders.

Leave a Reply

Your email address will not be published. Required fields are markedmarked