Pennsylvania pulls plug on voter site after data leak
Because the coming primary isn't fraught enough
IDG News Service - With voting in Pennsylvania's presidential primary just a month away, the state was forced to pull the plug on a voter registration Web site Tuesday after it was found to be exposing sensitive data about voters in the state.
The problem lay in an online voter registration application form that was designed to simplify the task of registering to vote. State residents used it to enter their information on the Web site, which then generated a printable form that could be mailed to state election officials. Pennsylvania's Department of State disabled the registration form late Tuesday after being informed of the vulnerability by IDG News Service.
Because of a Web programming error, the Web site was allowing anyone on the Internet to view the forms, which contained data such as the voter's name, date of birth, driver's license number and political party affiliation. On some forms, the last four digits of Social Security numbers could also be seen.
"Upon learning of this situation, the Department of State acted immediately to disable the specific page," said Department of State Spokeswoman Leslie Amoros in an e-mail message.
"The Department is reviewing the facts to determine how this information became available," she said. "We are also taking all necessary steps to correct the situation and are implementing processes aimed to prevent future occurrences."
"Being a security conscious programmer, I decided to test," wrote the reader, identified only as mtg169. "Very bad PA...very, very bad!"
The bug did not expose all registration data -- just the information supplied by those who used the Web site's online form. About 30,000 voter registration records appeared to be available on the site.
"That's bad, really bad," said Jeremiah Grossman, chief technology officer at Web security vendor WhiteHat Security Inc. In an e-mail, he said he hadn't seen this type of error on a voter registration Web site before, but that it was caused by a common Web programming error. "We've seen a great many vulnerabilities like this in the course of doing our work.
Many counties offer online access to voter registration data, so that residents can check on their status, but these databases typically remove data that could be misused, such as date of birth, Social Security numbers and driver's license numbers.
The last four digits of a Social Security number are often used as a security question, required to access certain types of billing accounts, and a skilled identity thief could use a driver's license number, name and address in a check-forging scheme, according to privacy experts.
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!