Secretary of State calls voter data release 'clerical error'

[Inga Goddijn <inga () riskbasedsecurity com>]

http://hosted.ap.org/dynamic/stories/G/GA_VOTER_DATA_BREACH_LAWSUIT_GAOL-?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT

ATLANTA (AP) -- Georgia Secretary of State Brian Kemp acknowledged
Wednesday that Social Security numbers and other personal information for
the state's more than 6 million registered voters were released last month
to political parties and media organizations, as his office faces a lawsuit
filed this week.

Attorney Jennifer Auer Jordan filed the complaint in Fulton County Superior
Court on behalf of two women and is seeking class-action status. The
lawsuit says driver's license numbers and dates of birth also were included
in the files that Kemp's office disseminated in October.

Kemp's office regularly sends an updated list of all registered voters in
the state to political parties and media organizations as allowed by
Georgia law. The state charges a $500 fee for others who want to buy the
file. It is only supposed to include a voter's name, residence, mailing
address, race, gender, registration date and last voting date.

Kemp said in a statement that the personal information was put in the wrong
file because of a "clerical error." He said 12 recipients got discs
containing the information.

"This violated the policies that I put in place to protect voters personal
information," Kemp said. "My office undertook immediate corrective action,
including contacting each recipient to retrieve the disc, and I have taken
additional administrative action within the agency to deal with the error."

A spokeswoman for Kemp did not respond immediately to questions about which
organizations received the discs and whether all copies have been returned.

The lawsuit says records for 6,184,281 registered voters were included in
the October file. Statistics posted on the agency's website listed
6,036,491 registered voters as of Nov. 4, 2014. The voter file is updated
regularly as people enroll or are removed.

Jordan said her clients want Kemp's office to notify people who were
affected along with credit agencies and to provide credit monitoring for
those who want it.

If you're a Republican, you're on the list," she said. "If you're a
Democrat, you're on the list. If you're a Libertarian, you're on the list.
We should all be outraged that this happened."

Michael Smith, a spokesman for the Democratic Party of Georgia, said the
party received a disk in October but didn't have the database software to
read the personal information. He said Kemp's office asked that the disc be
returned and the party complied. Ryan Mahoney, spokesman for the Georgia
Republican Party, said staff from Kemp's office picked up an unopened disc
from the party's headquarters.

The Atlanta Journal-Constitution reported Wednesday that it confirmed the
additional personal information was on a disc it received by looking up a
reporter's information. The newspaper said it returned its disc to the
state.

Jordan said she also had returned a disc containing the voter file to the
Secretary of State's office.

"I was happy to turn it over," she said. "Our firm has a safe, but we're
not equipped to protect that kind of information."

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!