35 million records of US voters across 19 states have been stolen and sold on the dark web, reports have claimed.
Research by security firm Anomali Labs found that the data includes full names, phone numbers, addresses and voting history (although this is believed to only contain when the voter voted not who they voted for). Each of the 19 states’ data records are for sale between $150 to $12,500 USD.
Within hours of the data sale being announced, a high-profile Dark-Web user organized a crowd-funding campaign to purchase the data and release it to all the members in that specific hacker forum.
It isn’t currently known how many members are in that specific hacking forum or how widespread the information could be disseminated however. Kansas’ voter records have already been purchased by that crowd-funding campaign, with Oregon to be purchased next.
Purchasers of the data will also be given weekly updates of voter registration data.
- We've also highlighted the best antivirus
Voter records stolen
Anomali Labs has warned that the data could be used to manipulate the US November midterm elections and identity theft.
“With the November 2018 midterm elections only four weeks away, the availability and currency of the voter records, if combined with other breached data, could be used by malicious actors to disrupt the electoral process or pursue large-scale identity theft,” the firm wrote in a blog.
If voter data falls into the wrong hands the election processes would be vulnerable to fraud and manipulation. This can include changes to physically addresses associated with voters, deleting of voter registrations—and absentee ballots being issued to a third party on behalf of the actual registered voter.
The 19 states affected by the data breach are: Georgia, Idaho, Iowa, Kansas, Kentucky, Louisiana, Minnesota, Mississippi, Montana, New Mexico, Oregon, South Carolina, South Dakota, Tennessee, Texas, Utah, West Virginia, Wisconsin, and Wyoming.
It isn’t believed that the records of voters with data being released will be harmful in terms of identity theft—unless combined with other data breaches (such as Social Security numbers from the Equifax breach, driver licenses numbers, or credit card numbers).