BreachExchange mailing list archives
voter registration data exposed in PA
From: Henry Brown <hbrown () knology net>
Date: Thu, 20 Mar 2008 06:46:16 -0500
From Infoworld.com http://tinyurl.com/27naw5 With voting in Pennsylvania's presidential primary just a month away, the state was forced to pull the plug on a voter registration Web site Tuesday after it was found to be exposing sensitive data about voters in the state. The problem lay in an online voter registration application form that was designed to simplify the task of registering to vote. State residents used it to enter their information on the Web site, which then generated a printable form that could be mailed to state election officials. Pennsylvania's Department of State disabled the registration form late Tuesday after being informed of the vulnerability by IDG News Service. Because of a Web programming error, the Web site was allowing anyone on the Internet to view the forms, which contained data such as the voter's name, date of birth, driver's license number, and political party affiliation. On some forms, the last four digits of Social Security numbers could also be seen. [...] The bug did not expose all registration data, just the information supplied by those who used the Web site's online form. About 30,000 voter registration records appeared to be available on the site. [...] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- voter registration data exposed in PA Henry Brown (Mar 20)