A security researcher, Chris Vickery, recently discovered a poorly configured database containing 300 GB of personal information and voting records for 191 million registered US voters. What's worse is that nobody knows who owns this database or who is responsible for the misconfiguration. The leaked data contains full names (first, middle, last), home addresses, phone numbers, a unique voter ID, state voter ID, gender, date of birth, date of registration, party affiliation, a yes/no field for if the number is on the national do-not-call list, and records of every election the voter did or did not participate in since the year 2000. Fortunately this database does not contain any finanical or social security information.

The information contained in this database has been confirmed to be correct and complete. It also appears that the information of every registered voter in the United States is contained in this database.

Vickery worked together with DataBreaches.net to attempt to locate the responsible party, yet their search has thus far been fruitless. They contacted NationBuilder, a digital campaign service, based on some indicators that they may be responsible for this database. However, according to a NationBuilder spokesperson, the IP address of the leaked database does not belong to NationBuilder or any of their clients.

According to the provider's CEO Jim Gilliam:

It is possible that some of the information it contains may have come from data we make available for free to campaigns. From what we've seen, the voter information included is already publicly available from each state government so no new or private information was released in this database. We strongly believe in making voter information more accessible to political campaigns and advocacy groups, so we provide cleaned versions of that publicly accessible information to them for free. We do not provide access to anyone for non-political purposes or that would violate any state's laws. Each state has different restrictions, and we make sure that each campaign understands those restrictions before providing them with any data. It is vital that everyone running for office knows who is registered to vote in their district.

The above statements are unfortunately true; all voter information, except for a few elements protected by law in some states, is public record. In some states, voter records are published online, in others obtaining the records is expensive but still available. In general the data is only available for non-commercial purposes. Even so, this database makes it extremely easy to obtain information about people because the information is all located in a single convenient location, all in the same format (and it's free and unrestricted).

In any case, it's safe to say this is the largest data breach of the year 2015.

Sources: