Software // Enterprise Applications
05:35 PM

Pennsylvania Voter Reg Site Leaked Personal Info

Before the site shut down, PDFs containing names, dates of birth, and portions of Social Security numbers could be accessed through the state's servers.

Pennsylvania took down its online voter registration Wednesday after discovering it failed to protect personal data, and the vulnerability was apparently caused by a programming error.

A Digg user reported earlier this week that Pennsylvania's online voter registration Web site exposed voters' personal information.

"This was discovered after filling out a registration myself," the Digg contributor wrote. "Being a security conscious programmer, I decided to test."

The programmer said that the printable voter application -- which users could fill out online, print out, and mail to election officials -- was not protected by authentication or validation.

Before the site shut down, PDFs containing names, dates of birth, and portions of Social Security numbers of some voters could be accessed through the state's servers.

"Had their programmer(s) validated that a requested ID belonged to the user that was logged in, there would have been no data leak," the programmer explained. "There was absolutely no validation at all and ANYONE (didn't even have to be logged into the SURE Portal System) could make requests to the script and retrieve data. Something as simple as that really makes you wonder about the security of the rest of our government systems which could be storing confidential information."

In addition to making voters vulnerable to identity theft, the programmer stated that someone could change a voter's party affiliation, print out the form, and mail it in, preventing people from voting in primaries.

State officials did not comment on the number of voter records that could have been compromised. In the 2004 presidential election, 5,731,942 registered voters went to the polls. State Democrats are holding their 2008 presidential primary on April 22.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of October 9, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll