Unsecured Database Exposes Personal Information of Voters Who Contacted Representatives

2019, April, Breaches

Who: VoterVoice

# of Records/People Affected: 300,000 unique email addresses, home addresses and phone numbers of people who have sent messages to legislators or participated in campaigns around hot political topics

When: 5 Apr 2019

What happened: An unsecured database at VoterVoice exposed a trove of personal information that included unique email addresses, home addresses and phone numbers of people who have sent messages to legislators or participated in campaigns around hot political topics.

How Did it happen: The exposed server housed thousands of folders on each campaign that in addition to unique email addresses and phone numbers, included personal data that could expose political and religious leanings as well as the actual messages sent to legislators.

Outcome: The leak is even more troubling because it is unclear how long the information was exposed. The infrastructure was exposed to​ an unknown amount of time meaning that nefarious individuals could have already accessed sensitive information without anyone knowing. Being compromised is bad enough, but being compromised and not knowing it is much worse. Now that the event has passed, proper steps must be taken to mitigate potential damage and communicate with affected stakeholders in a timely manner.