One of the largest state counties in Illinois, St. Clair County, has had its voter data exposed. The county clerk’s office leaked sensitive documents used to verify voter registration lists.
Voter data is among the most crucial cornerstones of any functioning democracy. However, the Cybernews research team has discovered that the St. Clair Clerk's office leaked nearly half a million documents used to identify voters in the Illinois county.
The large pile of documents was hosted on an Amazon S3 bucket owned by the St. Clair Clerk's office. The instance with the exposed data has “voter documents” in its URL. According to the team, a total of 470,000 documents with sensitive voter data were left unguarded for months.
While we have no evidence to claim that attackers accessed the data, threat actors constantly prowl for exposed databases with sensitive information. Leaving an exposed instance is akin to leaving a wallet on a park bench: few would expect to find it lying there after a few hours.
“Exposing voter documents increases potential voter fraud and vote manipulation risk. Additionally, malicious actors could exploit this data for identity theft, financial fraud, or targeted phishing attempts, posing particular risks to vulnerable adults who rely on safeguards for their protection and confidentiality,” our researchers said.
The team first discovered the exposed instance in March 2024, claiming it had been accessible for several months. Researchers contacted the St. Clair Clerk's office, and the open bucket was secured. The team believes the most likely reason for the leak was the instance’s misconfiguration.
We reached out to the county for official comment but have yet to receive a reply.
What voter info was leaked?
The exposed instance included Paperless Online Voter Applications (POVAs), National Change of Address (NCOA) applications, and applications for vote by mail ballot. All applications reveal sensitive voter information such as:
- Names and surnames
- Current and former addresses
- Dates of birth
- ID numbers
- Driver’s license numbers
- Social Security numbers
- Email addresses
- Phone numbers
- Signatures
Not only is exposing nearly half a million documents in a country with over 250,000 residents a major privacy concern, but the leaked data concerns voter information, ballooning the risk factor. For example, malicious actors could use the leaked data to target and intimidate voters to suppress voter turnout.
On the other hand, attackers could use leaked information to target exposed voters through disinformation campaigns to impact the election outcome. Attackers could even target specific age groups to influence their votes.
Societal polarization and the two-party system make every vote of the utmost importance, as national US elections have been won or lost by several hundreds or several thousand votes. Given recent polls, candidates in this year’s presidential elections are at a close distance, and the outcome could be determined by a slim margin as well.
St. Clair County is the oldest Illinois county and the 9th most populous in the state.
In 2018, hackers obtained millions of voter records and sold them on the dark web to the highest bidder. The voters' personal information could be a goldmine for digital and brick-and-mortar criminals, not to mention marketers of all stripes.
Your email address will not be published. Required fields are markedmarked