More than 1.7 Million Registered Voters Have Personal Information Disclosed
Forensicon just uncovered and reported a massive security breach at the Chicago Board of Election’s website http://www.chicagoelections.com. The last time this happened was back in 2006 when past and present Chairman of the Board of Elections ordered a computer forensics audit, yet here we are again with another major breach of voters’ personal information.
The security breach was discovered when Cyber Security and Computer Forensics firm, Forensicon’s President, Lee Neubecker, was attempting to access the Chicago Board of Elections website http://www.chicagoelections.com.
“I wanted to compare voting patterns between Cleveland, Ohio’s Ward 5 that reported 99% voting rates for President Obama in certain precincts. When I visited the Chicago Board of Election’s website, http://www.chicagoelections.com, to compare election returns of demographically similar wards and precincts in Chicago, I discovered the site would not load. I then tried browsing ftp.chicagoelections.com. The ftp port on chicagoelections.com did not require any authentication, but revealed the voter registration database username and password, among countless other data that should not be accessible to the public. A treasure trove of sensitive voter information such as driver’s license numbers, cell phone numbers, emails, dates of birth and more was revealed,” reported Neubecker.
Forensicon analysts have begun to review some of the compromised data in an attempt to quantify the scope of the information breached and inform the public. One unencrypted spreadsheet alone “fulldump.xls” last modified 11/6/2012 7:10AM contained sensitive information relating to over 1,200 individuals, including names, addresses, full driver’s license numbers, and the last 4 digits of their social security number. This is a massive security breach totaling approximately 5 Gigabytes of website code, registered voter information, election judge information, and much more.
11/16 1:26 pm – Forensicon has transferred all of the data captured from the publicly available site to the Federal Bureau of Investigation.
11/13 3:33 pm – The site ftp.chicagoelections.com/ is no longer accessible after Forensicon notified local government officials and law enforcement of the breach. However, the site www.chicagoelections.com is still active.
- What should my organization do to prepare for a data breach? - Forensicon Blog Interview: Attorney Jena M. Valdetero Forensicon interviews privacy and data breach response attorney, Jena Valdetero, a partner with Bryan Cave LLP, on the topic of Data Breach Preparedness. Valdetero provides further details on what organizations should do in order to be prepared for the eventual future data breach of their organization. About Jena[...Read More]
- Forensicon Staff Presents “Understanding Digital Forensics and Protecting Law Firm Data” - On Friday, May 15th, 2015, Forensicon’s Director of Digital Forensics, Yaniv Schiff, and Operations Manager, Eric Miller will be featured speakers at the Chicago Bar Association’s Professional Responsibility Committee. The presenters will share their insights into digital forensics and how to protect law firm data, both client data and firm information. Each day, news outlets[...Read More]
- Bradley University Employee Data Breached - Bradley University recently announced that it suffered a data breach affecting approximately 4,700 current and former employees and their families. The University stated that malware had been detected on two University computers that contained personally identifiable information including Social Security numbers. Reports show that fraudulent tax return filings have been discovered for a number of employees. The[...Read More]
- Yaniv Schiff Presents to Valparaiso School of Law - Yaniv Schiff, Director of Digital Forensics at Forensicon, Inc., appeared as a guest lecturer at Valparaiso Law School in Valparaiso, Indiana. Mr. Schiff offered insight and first-hand knowledge to the students of Ms. Emily Janoski-Haehlen in her Technology in Law class. Mr. Schiff lectured on the e-discovery process and computer forensics including data recovery, ESI[...Read More]
- Home Depot hack could lead to millions in fake charges - The most recent attack against home improvement giant Home Depot may perhaps be the biggest credit card breach by a retailer yet, even surpassing the unprecedented attack against Target late last year. The 2,200 store chain confirmed recently that the attack may have gone as far back as April, and affected consumers who used their credit[...Read More]