Page 17 - Cyber Warnings December 2015
P. 17
Georgia hands out PII for 6 million voters in 'PeachBreach'
By Anna Wehberg, Sr. Marketing Director, Hexis Cyber Solutions
Proving that there are myriad ways to expose sensitive data, the state of Georgia botched its
regular release of voter information data to include personally identifiable information like Social
Security numbers and birth dates for 6.2 million residents of the Peach State.
A dozen CDs loaded with voter information
Dubbed "PeachBreach" by some commentators,
this data breach happened in an oddly old-
fashioned way. Employees at the Georgia
Secretary of State's office manually sent compact
disks of the information to 12 organizations that
were signed up as yearly recipients. The CD of
voter information went to a wide variety of
groups. They included ones you'd expect to
regularly ask for voter registration data, such as
media outlets The Atlanta Journal-Constitution and Savannah Morning News. Atlanta's largest
newspaper published photos of the CD that it received, on which was scribbled "Ga. statewide file,
10/15/2015."
Both major parties at the state level, plus niche political groups like the Southern Party of Georgia
and Independence Party of Georgia also received copies. Even Georgia Gun Owner
Magazine received the data.
These files, when released properly, include fields such as name, address, birth year, gender and
which political party's primary the person most recently participated in. This year the records
included data prohibited by state law from release, including driver's license numbers plus the
above-mentioned Social Security numbers and birthdays.
Class-action lawsuit makes breach public
The breach only became public after the filing of a class-action suit against the state government
became known.
The lawsuit said the wrongdoing by the Secretary of State's office wasn't limited to the breach itself,
but that Georgia law states that victims of a data breach be notified. At the time the suit was filed,
the plaintiffs allege "not a single Georgia citizen" had been told that their PII had been
compromised.
Secretary of State Brian Kemp has already fired an IT staffer he blamed for the snafu, stating that
the person did not follow internal rules.
17 Cyber Warnings E-Magazine – December 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
