Secretary of State released names and all identifying info on 6.1 million voters

Every month, the Secretary of State (Brian Kemp) releases all the new registered voters on a disc so that various entities can update their records. This information is generally limited to names, addresses, and demographic information. But last week, the SoS decided to give out a bunch of information it has collected on you and everybody you know to anyone who signed up.

Their monthly CD for October contained the driver’s license number, Social Security number, full name, address, and everything else you need to steal someone’s identity for every single registered voter in Georgia. All 6.1 million of us. It was not encrypted. It was not password protected. It was a gift for anyone who ever thought of doing wrong.

So just get the discs back and we will all be safe, right?

Wrong. These discs, called the “voter file”, are automatically updated to a number of different databases, which are then replicated around the country for use in voter targeting and other means. So this data is now well beyond the discs.

The information from these discs has been coursing through the system for a month now, and Brian Kemp’s office had done nothing to stop the flow of information prior to suit.

Speaking of, why did they even have the Social Security numbers? Their form asks for the entire number, but they only need the last four. And why is this information kept once they verify the voter?

From the AJC:

In 2012, a massive data breach reported by South Carolina officials exposed 3.8 million Social Security numbers of the state’s residents. At the time, Georgia officials said the state used data encryption and other controls not in place when hackers breached South Carolina’s Department of Revenue.

Apparently not in this case.

Speaking of the complaint, it only asks for “equitable relief”, which is another way of saying it is asking the court to force the defendant to do something. Likely, in this case it means credit monitoring and some way of guaranteeing the privacy of those affected, but that seems impossible here. Merry Christmas, Georgians, or at least it will be for everyone you are now buying presents for.

Update: here’s the complaint, enjoy!



  1. Three Jack says:

    Who was fired? Anybody? When was the apology press conference, must have missed it? Where do I go to buy my identity back?

  2. ATLGAL says:

    Yes- that was a major screw up – but I have over 30 years in banking in an executive level and you need to know something; your personal and ‘confidential’ identification information was already out there and in the hands of criminals loooong before Kemp’s office messed up. It is not a matter of ‘if’ you will get hit, it is only a matter of ‘when.’

    If you don’t take steps to lock up your credit reports and check them regularly, and use online banking to watch all your accounts closely then you are asking to be victimized.

    • Noway says:

      Freeze your credit, per Clark Howard. And I no longer use online banking, thinking I might be safer if I have not established an online presence with the bank. Am I wrong here, ATLGAL? A little guidance would be appreciated.

      • saltycracker says:

        Not through smarts but hard knocks:
        Freeze your credit
        Use online banking
        Never use a debit card
        Never allow drafts from your account
        Write as few checks as possible
        Use paperless billing – not the mail
        Use a minimum number of free credit cards
        Have income direct deposited

        Sure credit cards and banks will work with you but it is a tremendous hassle –
        When push comes to shove you are on your own

        Got some “funny” stories on a dept. store clerk clearing a gift card and telling me it was zero. A major dept store insisting they only drafted my bill once not twice as the account was zero, not a credit (4 months later when I asked them to confirm everything in writing so I could report my bank to the Feds….they found the error).

        • saltycracker says:

          PS I avoid cash and use a 2% cash back free AMEX card from Fidelity, but there are other good cash back credit cards. Cash back trumps points today or maybe I was just spoiled collecting points when they got you something.

    • Will Durant says:

      Yes the data is out there but access to it through normal channels like credit bureaus, etc. requires those accessing meet security standards including audit trails. No one should ever be allowed to copy off sensitive data like current legal name, address, etc. matched up to SSN and DL. That is a list a credit bureau would not do for legitimate subscribers without every name being a customer of the subscriber. Even through their legal channels such a list would not be cheap and it most definitely would have significant value through illegal channels.

  3. stucka says:

    Point of order: The existence of unencrypted data on the CDs doesn’t inherently mean it’s not stored on the server in an encrypted format. That “apparently not” comment may well be wrong.

    That’s not to say all the rest of this isn’t a debacle.

  4. ANTiSEEN says:

    At least they don’t know the street I grew up on or the name of my first pet, errr, uuuhhh, wait a minute…….
