The data did not contain any voting information, like the results of how someone voted.
The breach was exposed by security expert from UpGuard.
Elections spokesman Jim Allen said an outside vendor improperly put the information on an unsecure server.
ES&S has launched a “full investigation” into the leak assisted by a third-party firm “to perform thorough forensic analyses of the AWS server”.
The firm is also now reviewing all procedures and protocols, including those of its vendors, to make sure that its systems and data are secured and prevent any similar incidents in the future. The leaked data was discovered by Upguard Researchers and included the information of people from Verizon and the company which analyzes GOP.
“We have no indication that anybody other than Mr. Vickery found this”, Allen said. Jon Hendren noticed that an Amazon Web Services device wasn’t password protected. He handed it off to analyst Chris Vickery who downloaded the information to examine the content. Vickery shared his findings with local and IL state authorities Saturday morning.
The data file was listed as “Chicago DB” on the Amazon cloud service, Vickery said, and a setting on the upload made it accessible to the public.
Vickery said, “this data would be an identity thief’s dream to find”. He also said the leaked files contained some voting system administration credentials. It also recently discovered critical infrastructure data exposed by a Texas energy firm.
“We regularly conduct research into what data is out there and exposed that requires no authentication, no hacking whatsoever”, Vickery said.
Owned and operated by Omaha-based firm Election Systems & Software (ES&S), which helps maintain Chicago’s electronic poll books, the database included voters’ names, addresses, phone numbers, partial Social Security numbers, and in some cases, driver’s license and state ID numbers that seemed to have been produced around the time of the November 2016 election. “System administrators leaving things open and exposed to the public internet is like a cancer on security”.