Chicago election board officials confirmed Tuesday that sensitive personal information for about 1,200 people was exposed online but denied allegations by a computer security firm that the breach was much broader.
The firm, Forensicon, announced it uncovered the problem while researching voting patterns. It alleged that personal information of up to 1.7 million registered Chicago voters was exposed on the website of the Chicago Board of Elections Commissioners.
An election board spokesman accused the firm of overplaying the problem. James Allen said the database of 1.7 million registered voters included no personal information beyond what is already public record—name, address and voter registration number. “Anyone can request that information from us, and we have to produce it,” Allen said. “There’s absolutely no sensitive information there.”
However, Allen said due to a mistake by the election authority, another database was inadvertently exposed online with names, addresses, drivers license numbers and the last four digits of social security numbers for around 1,200 people who had applied to work for the board in Chicago polling places on Election Day.
Allen said the board removed the information about 15 minutes after being contacted by the company Tuesday afternoon. Officials for Forensicon could not be reached for comment.
There is no indication anyone other than the firm accessed the information, Allen said. The 1,200 job applicants will be informed that their personal information was vulnerable for about a week, he said.
The databases are normally kept in a password protected site, but became exposed when a temporary site was created Nov. 6 amid heavy demand from Chicagoans searching for their new polling places, Allen said.
The board had to correct a much larger online breach in 2006, when it was discovered that sensitive information for about 780,000 registered voters was available on the agency’s website.
“This is nothing like (2006),” Allen said.