A database containing the personal information of millions Mexican voters was discovered online by a security researcher earlier this month on an unprotected server. The discovery represents a major breach in private information for upwards of 87 million Mexican voters.
The database was discovered without even password protection by researcher Chris Vickery on April 14th, (who had previously uncovered breaches for Hello Kitty users and private medical data) who alerted Mexican authorities. The National Electoral Institute verified the list’s authenticity, and had it removed from the Amazon Web Servers it was discovered on.
Vickery noted in a blog post for MacKeeper that the breach represents some very real dangers for Mexican voters: “Kidnapping is a considerable problem in Mexico, and allowing cartels to download copies of this database could prove disastrous.”
The discovery is a major breach of privacy for millions of Mexican voters, as the information reportedly included the names, birthdates, addresses, and unique voting numbers, of every single Mexican voter.
It’s unclear exactly who is responsible for uploading the list, but the president of the Mexican National Electoral Institute, Lorenzo Cordova Vianello, noted that his office is required to share the list with all of the country’s major political parties, and believes that one of them is responsible. According to Motherboard, the database is air-gapped, and the list is delivered to parties via “hard drives, CD-ROMs or USB drives”
The NEI has since filed a criminal complaint with Mexico’s Special Prosecutor’s Office for Electoral Crimes. Under Mexican law, the penalties for leaking this information can result in up to 12 years of jail time.