Kuala Lumpur, March 15, 2018 — Every democracy grants its citizens a constitutional right to vote. Any popular election requires huge databases containing personal details and sensitive information on political and other preferences of voters. Such databases may be maintained by both government bodies and analytical companies, which doubles the threat to information integrity, with negligent third-party companies seeming to cause a more significant damage in the event of data compromising.
This is a digest of major voter data leaks prepared by InfoWatch Analytical Center.
The largest such leak happened in June 2017 in the USA. Deep Root Analytics, a data analytics contractor employed by the Republican National Committee (RNC), accidentally left files containing information on 198 million voters (more than 60% of the entire U.S. population and approximately 80% of all citizens eligible to vote) in an Amazon cloud account that could be browsed without logging in.
The files discovered by the security firm UpGuard were part of 25-terabyte database containing names, addresses of voters, as well as modeled data about voters’ likely positions on different issues, including information on how likely particular individuals voted for Obama in 2012, whether they agree with the Trump foreign policy of ‘America First’, and so on. It was found out that these data were exposed for almost two weeks.
A year and a half before that, personal information of 191+ million U.S. voters was leakedthrough a similarly misconfigured storage. Such a database is a real godsend to marketing or political research firms, as well as journalists, scientists, and politicians.
In April 2016, UpGuard experts discovered a massive database of 87 million Mexican voter records publicly accessible on the Internet, including names, addresses, dates of birth, and voter ID numbers. The password-free database was also found on a cloud server provided by Amazon Web Services. Soon after AWS was notified of the exposure, the database was no longer publicly accessible.
In April 2016, the Philippines saw the largest leak in its history, when a computer was stolenfrom the Philippines Commission on Elections (COMELEC), containing personal information of 55 million voters. The damage was even more grave as the leak compromised not only traditional personal data of voters, but also their biometric identity. Even though the COMELEC claimed that data had been encrypted, you would never know whether criminals could extract them or not.
Several years ago, Colombia saw a scandalous incident involving voter personal information. National Registry director accused the policemen of illegal data acquisition, as, during an investigation into alleged election irregularities in the southwestern part of the country, they removed two hard drives containing the details of 31 million voters from the Registry without the appropriate warrant.
InfoWatch Traffic Monitor is a DLP solution protecting enterprises against data leaks and internal threats. InfoWatch Traffic Monitor reduces the company’s financial and reputational risks caused by leaks and mitigate the results of such leaks, prevents data leaks without interrupting business processes by preventing data from being sent via email, web services or social media, from being copied to USB flash drives, etc., controls employee operations in business apps, preventing retrieval of confidential data in digital or printed form, collects evidence for incidents investigation.
The new release tools improve DLP system efficiency when it comes to security policy creation, investigations, and cybersecurity team interaction with other business units.
The InfoWatch Group of Companies is a developer of integrated solutions that ensure enterprise information security. The company was founded in 2003 by Natalia Kaspersky as a fully independent entity incorporating InfoWatch, Attack Killer, Cezurity, EgoSecure, Kribrum and Taiga brands. The Group’s product portfolio comprises efficient solutions to protect enterprises against the most challenging internal and external threats.
Starting from 2011, the company has been operating in the global market. The InfoWatch Group sells its products in Western Europe, the Middle East, India, and Southeast Asia. The company has an extensive partner network. Fifteen InfoWatch offices operate worldwide, including two full-scale local representative offices—InfoWatch Gulf in Dubai (UAE) and InfoWatch SDN BHD in Kuala Lumpur (Malaysia).
The Group’s current customers include: Central Bank of Bahrain, Prime Minister’s Court of Bahrain, First Energy Bank B.S.C. (Bahrain), Venture Capital Bank (Bahrain), Kuwait Finance House, Petrochem (UAE), Gateway Rail (India), Bank Persatuan (Malaysia), KSB Group (Indonesia), Ministry of Education of Greece, etc. https://infowatch.com/
About InfoWatch Group
InfoWatch Group is a Russian vendor of end-to-end enterprise cybersecurity solutions that effectively protect businesses against the most pressing internal and external threats. InfoWatch annually boosts its product and solution sales and leads the DLP markets in Russia and the CIS, with the company’s products being also commercially available in Western Europe, the Middle East, India and Southeast Asia. https://www.infowatch.com/
More information about InfoWatch Group of companies is available at www.infowatch.com
Tel/fax: +7 (495) 22 900 22, +7 (499) 37-251-74