voter registration data exposed in PA

[Henry Brown <hbrown () knology net>]

 From Infoworld.com
http://tinyurl.com/27naw5

With voting in Pennsylvania's presidential primary just a month away, 
the state was forced to pull the plug on a voter registration Web site 
Tuesday after it was found to be exposing sensitive data about voters in 
the state.

The problem lay in an online voter registration application form that 
was designed to simplify the task of registering to vote. State 
residents used it to enter their information on the Web site, which then 
generated a printable form that could be mailed to state election 
officials. Pennsylvania's Department of State disabled the registration 
form late Tuesday after being informed of the vulnerability by IDG News 
Service.

Because of a Web programming error, the Web site was allowing anyone on 
the Internet to view the forms, which contained data such as the voter's 
name, date of birth, driver's license number, and political party 
affiliation. On some forms, the last four digits of Social Security 
numbers could also be seen.
[...]
The bug did not expose all registration data, just the information 
supplied by those who used the Web site's online form. About 30,000 
voter registration records appeared to be available on the site.
[...]

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml