BreachExchange mailing list archives
Secretary of State calls voter data release 'clerical error'
From: Inga Goddijn <inga () riskbasedsecurity com>
Date: Wed, 18 Nov 2015 17:45:57 -0600
http://hosted.ap.org/dynamic/stories/G/GA_VOTER_DATA_BREACH_LAWSUIT_GAOL-?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT ATLANTA (AP) -- Georgia Secretary of State Brian Kemp acknowledged Wednesday that Social Security numbers and other personal information for the state's more than 6 million registered voters were released last month to political parties and media organizations, as his office faces a lawsuit filed this week. Attorney Jennifer Auer Jordan filed the complaint in Fulton County Superior Court on behalf of two women and is seeking class-action status. The lawsuit says driver's license numbers and dates of birth also were included in the files that Kemp's office disseminated in October. Kemp's office regularly sends an updated list of all registered voters in the state to political parties and media organizations as allowed by Georgia law. The state charges a $500 fee for others who want to buy the file. It is only supposed to include a voter's name, residence, mailing address, race, gender, registration date and last voting date. Kemp said in a statement that the personal information was put in the wrong file because of a "clerical error." He said 12 recipients got discs containing the information. "This violated the policies that I put in place to protect voters personal information," Kemp said. "My office undertook immediate corrective action, including contacting each recipient to retrieve the disc, and I have taken additional administrative action within the agency to deal with the error." A spokeswoman for Kemp did not respond immediately to questions about which organizations received the discs and whether all copies have been returned. The lawsuit says records for 6,184,281 registered voters were included in the October file. Statistics posted on the agency's website listed 6,036,491 registered voters as of Nov. 4, 2014. The voter file is updated regularly as people enroll or are removed. Jordan said her clients want Kemp's office to notify people who were affected along with credit agencies and to provide credit monitoring for those who want it. If you're a Republican, you're on the list," she said. "If you're a Democrat, you're on the list. If you're a Libertarian, you're on the list. We should all be outraged that this happened." Michael Smith, a spokesman for the Democratic Party of Georgia, said the party received a disk in October but didn't have the database software to read the personal information. He said Kemp's office asked that the disc be returned and the party complied. Ryan Mahoney, spokesman for the Georgia Republican Party, said staff from Kemp's office picked up an unopened disc from the party's headquarters. The Atlanta Journal-Constitution reported Wednesday that it confirmed the additional personal information was on a disc it received by looking up a reporter's information. The newspaper said it returned its disc to the state. Jordan said she also had returned a disc containing the voter file to the Secretary of State's office. "I was happy to turn it over," she said. "Our firm has a safe, but we're not equipped to protect that kind of information."
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Secretary of State calls voter data release 'clerical error' Inga Goddijn (Nov 19)