/ SECURITY WATCH

Popular articles

22 / 04 / 2016

BREAKING: Massive Breach of Mexican Voter Data

In my hands is something dangerous. It is proof that someone moved confidential government data out of Mexico and into the United States. It is a hard drive with 93.4 million downloaded voter registration records— The Mexican voter database.

See the interview with Chris Vickery commenting on this breach: 

https://www.youtube.com/watch?v=H0mlhrtb4W0&rel=0

Before going any further, let’s make one thing very clear. I’m not the one who transmitted the data out of Mexico. Someone else will have to answer for that. However, eight days ago (April 14th), I did discover a publicly accessible database, hosted on an Amazon cloud server, containing these records. There was no password or authentication of any sort required. It was configured purely for public access. Why? I have no clue.

After reporting the situation to the US State Department, DHS, the Mexican Embassy in Washington, the Mexican Instituto Nacional Electoral (INE), and Amazon, the database was finally taken offline April 22nd, 2016.

Under Mexican law, these files are “strictly confidential”, carrying a penalty of up to 12 years in prison for anyone extracting this data from the government for personal gain. We’re talking about names, home addresses, birthdates, a couple of national identification numbers, and a few other bits of info.

Earlier this week I gave a talk at Harvard University’s Center for Government and International Studies building, primarily on the topic of data breaches. As luck would have it, there was a student from Mexico present. After the talk, during which I had announced this latest breach discovery, he was able to confirm the accuracy of at least one record in the database.

His reaction was very serious. He immediately understood the potential harm that could be done if this database were to end up in the wrong hands. Kidnapping is a considerable problem in Mexico, and allowing cartels to download copies of this database could prove disastrous.

Following the September 11th terrorist attacks, the United States, for whatever reason, acquired a similar database through a data brokerage firm known as ChoicePoint. From what I’ve read, ChoicePoint managed to get ahold of the Mexican voter database in exchange for $250,000 back in the early 2000s.

When that story broke, citizens across Mexico were outraged that the US Government had the country’s private details. I can only imagine what fury will ensue now that anyone in the entire world could have potentially downloaded it. I mean, I’m just some guy in Texas… and I have it.

Related article: Another Mexican Database Found.

Follow the security news at MacKeeper Security Research Center with Chris Vickery.

*Note:  Thanks go to the administrator of databreaches.net (who is also covering this story at https://www.databreaches.net/personal-info-of-93-4-million-mexicans-exposed-on-amazon).

**Additional thanks to journalist Adam Tanner (Fellow at Harvard’s Institute for Quantitative Social Science) for putting me in contact with Mexico’s Instituto Nacional Electoral.

***

Attention - Portions of this article may be used for publication if properly referenced and credit is given to MacKeeper Security Researcher: Chris Vickery. 

Do you have security tips or suggestions? Contact: cvickery@kromtech.com