Election security has again been called into question after millions of Texas voter records were left exposed. A file discovered by Flash Gordon, a New Zealand-based data breach hunter, was left on an unsecured server without a password, according to TechCrunch. Of the 15.2 million total registered Texas voters, an astounding 14.8 million records were left exposed on a single file.
The data in the file was reportedly compiled by a conservative-focused data firm, The Data Trust, and contained personal information such as voter’s name, address, gender and several years’ worth of voting history, including primaries and presidential elections.
“The data also included gauges on voters’ views regarding immigration, abortion and the Second Amendment. The file also held data assessing if voters trusted Hillary Clinton,” The Hill reported.
The news comes at a time when trust in data protection and privacy with regard to voting is low. Confirmation of Russian meddling has set off alarms across the aisle as candidates move toward midterm elections. That 14.8 million personal records of Texas voters were found on an unprotected server, without even the basic security measure of a password, does little to boost confidence in election systems, said Bill Evans, a vice president at One Identity.
“The idea of having a database like this sitting with no password is such an incredible lapse in judgment today. While we all know that keeping up with password best practices can be somewhat annoying – forgetting and resetting them in a broken cycle – it is inexcusable and maybe illegal to leave data that contains personal information like this completely unprotected,” Evans said.
“It is a good reminder, however, and call to action for any organization that is storing sensitive data, that it is their responsibility to ensure security, as well as authentication to access it. There are four basic security measures that should be part and parcel of doing business today. Those include end-user education, multi-factor authentication, privileged-access management, and access governance to ensure only the right people have the right access to the right things at the right time.”