Mexican Voter Information out in public

Details: Written by Daniel Shin; Category: World; Published: 25 April 2016

About two weeks ago, it was reported that 50 million Turkish citizen's information has been breached, and the point was made that personal data breach must become an emerging issue with greater public awareness (DS NETS 4/25/2016). Unfortunately, MacKeeper Security Researcher Chris Vickery reported that 93.4 million Mexican voter database was available on an Amazon cloud server without any authentication and open for public access. (4/22/2016) Mr. Vickery did a wonderful job by notifying proper authorities in both the US and Mexico, and thankfully there is no evidence that the database was accessed by a malicious party. Unfortunately, this incident highlights not only the incompetence of the Mexican government in allowing such data out in the wild but also how easy it could have been for a malicious party to obtain and exploit the database of an entire country.

According to databreaches.net, based on a redacted information provided by Mr. Vickery, the Mexican voter database include "the individual’s name, complete address, date of birth, mother’s and father’s last names, occupation, and their unique voting credential code (number/identifier)." (4/22/2016) If the database was obtained by a malicious party, then every Mexican citizen in that database will always have to face the risk of identity theft potentially for the rest of his life.

What will be the Mexican government's response? Hopefully, the response will be more substantive than a simple three-year identity theft protection from a private company. (Which was the US Federal Government's response)

Citizens around the world must be aware of the inherent risks posed by massive databases and hold government and companies accountable to the fullest extent of the maximum possible damage the data breach can affect the potential victims. A simple three-year identity theft protection is not sufficient as the malicious party with the information can either wait three years until committing identity theft or simply sell the information to a more malicious party (including hostile foreign governments).

Most of the data breaches either stem from honest mistakes by the IT department or laziness of the involved individuals from implementing steps to secure the database. The fact that this database was out in public in plain text points potentially to the latter and forgotten by those responsible for leaving the database on the Amazon servers.

This incident should not have happened.

Welcome!

This is my writing depository containing analysis and opinion on current events. Online since 2004, DS NETS continues to strive to contribute to the general online discussion on the ongoing political, societal, and cultural events around the world and at home.

It is my belief that through good writing that not only I can think beyond the headlines and abstract summary of articles but also my writings can open new avenues for further research and discussions.

Latest Writings

Technical

In order to maximize capability among visitors, this website does not depend on bloated javascript and other code to display the content to the audience. There are no external advertisements, and the website is relatively lightweight for the web browser of all kinds.

The website design was done by scratch (by me), and readability of the content, as well as the aesthetics, was the focus of the design.

Hopefully, the lightweight nature of the website can make the browsing experience more pleasant.