[Dataloss] voter registration data exposed in PA
Henry Brown
hbrown at knology.net
Thu Mar 20 11:46:16 UTC 2008
From Infoworld.com
http://tinyurl.com/27naw5
With voting in Pennsylvania's presidential primary just a month away,
the state was forced to pull the plug on a voter registration Web site
Tuesday after it was found to be exposing sensitive data about voters in
the state.
The problem lay in an online voter registration application form that
was designed to simplify the task of registering to vote. State
residents used it to enter their information on the Web site, which then
generated a printable form that could be mailed to state election
officials. Pennsylvania's Department of State disabled the registration
form late Tuesday after being informed of the vulnerability by IDG News
Service.
Because of a Web programming error, the Web site was allowing anyone on
the Internet to view the forms, which contained data such as the voter's
name, date of birth, driver's license number, and political party
affiliation. On some forms, the last four digits of Social Security
numbers could also be seen.
[...]
The bug did not expose all registration data, just the information
supplied by those who used the Web site's online form. About 30,000
voter registration records appeared to be available on the site.
[...]
More information about the Dataloss
mailing list