Personal data of 1.8 million Chicago voters accidentally exposed by vendor

Election anxiety
The personal data of 1.8 million Chicago voters were left exposed on a cloud-storage site.
(Brendan Smialowski / AFP/Getty Images)

Data on 1.8 million Chicago voters, including addresses, phone numbers and partial Social Security numbers, were left exposed on a downloadable cloud-storage site operated by an Omaha election-services company until a cybersecurity researcher discovered it, the company said Thursday.

The data appeared to have been produced for the November 2016 election and were discovered by a researcher working for Mountain View, Calif.-based UpGuard on Aug. 11. UpGuard revealed the problem to the company, Election Systems & Software, and the data were promptly secured, UpGuard officials said.

Election officials were notified of the problem at 5:37 p.m. and had secured the data by 9:44 p.m. the same evening, said Chicago Board of Election Commissioners spokesman James Allen.

“It was deeply troubling and frustrating for us because we purposefully build walls around Web systems so no personal, private information is available,” Allen said.


The data were exposed by the city’s poll-book vendor, which had placed on an Amazon Web Services server a backup file containing information on every voter in the city, he said.

Voter records were not altered, and no vote tabulations or election results were affected, Allen said. The city is reviewing its contract with Election Systems & Software.

Get our weekly California Inc. newsletter