How secure is your data? There was panic over data breach-related issues as the political advocacy giant, VoterVoice leaked more than 300,000 email addresses and messages sent to elected officials. This leak, that resembled the 2016 Facebook data vote leak, is likely to have negative impacts that would affect the people in the political platforms. Due to the nature of work that VoterVoice conducts, it holds very vital and personal, sensitive information and thus leaking it cause a lot of damage to the people involved.
This leakage was discovered by TechCrunch’s data security researcher John Wethington. He noted that the exposure of this information would allow malicious people to target the people whose information has been leaked.
When this information was published on TechCrunch, the VoterVoice organization quickly released a statement stating that this matter was limited to only one organization and that the 4,392 names and their detailed information sent to the lawmakers were a part of that organization’s education campaign about the Medicare reforms.
Further, VoterVoice noted that the organization that has access to the lawmaker’s information that was leaked claims that there are more than 21 million users that have sent over 36 million messages since its inception.
While the VoterVoice were quick to clear the air regarding this issue, it was still noted that the exposed server was still unsecured as at the time they did their presser. I reply to the statement by VoterVoice, TechCrunch noted that the 4,392 details found in the Medicare campaign, represented only one file.
The one thing that has brought about more panic is that it is unclear the duration that this data has been unsecured and the kinds of people that could have accessed it. Having the data compromised is bad but having it compromised and not knowing the duration it has stayed this way and the people who could have accessed it is worse. Since the information could be viewed publicly, it had a great potential of being accessed by a malicious third party.
Could this data breach be avoided?
All fingers pointed to VoterVoice. This is because the security researchers, as well as journalists, informed VoterVoice that their servers were left exposed but they did not heed to this warning showing that they clearly did not care much about the data privacy of the American citizens. But since it has already happened, the first thing that VoterVoice should have done is to correct all the present misconfiguration and from now on take necessary steps to ensure that there is the prevention of potential damage with timely communication with the stakeholders.
What is the way forward?
Their failure to take immediate action after such a costly mistake only heightens the risk of personal information being obtained and misused by a malicious third party. While is a great theory to provide the American voters with a platform to reach the lawmakers, it would only be used if their personal and sensitive data is kept secure. This is the only way that the public will have trust in both this platform as well as the process.
It is necessary that the organizations that interact on a one-on-one level with the elected government officials ought to take a more solid and trustworthy approach to security.