About two weeks ago, it was reported that the information of 50 million Turkish citizens had been breached, and the point was made that personal data breaches must become an emerging issue with greater public awareness (DS NETS 4/25/2016). Unfortunately, MacKeeper Security Researcher Chris Vickery has since reported that a database of 93.4 million Mexican voters was available on an Amazon cloud server without any authentication and open to public access (4/22/2016). Mr. Vickery did a wonderful job by notifying the proper authorities in both the US and Mexico, and thankfully there is no evidence that the database was accessed by a malicious party. Even so, this incident highlights not only the incompetence of the Mexican government in allowing such data out in the wild but also how easy it could have been for a malicious party to obtain and exploit the database of an entire country.
According to databreaches.net, based on redacted information provided by Mr. Vickery, the Mexican voter database includes "the individual’s name, complete address, date of birth, mother’s and father’s last names, occupation, and their unique voting credential code (number/identifier)" (4/22/2016). If the database was obtained by a malicious party, then every Mexican citizen in that database will have to face the risk of identity theft, potentially for the rest of their lives.
What will be the Mexican government's response? Hopefully, the response will be more substantive than a simple three-year identity theft protection plan from a private company (which was the US Federal Government's response).
Citizens around the world must be aware of the inherent risks posed by massive databases and hold governments and companies accountable to the full extent of the maximum possible damage a data breach can inflict on its potential victims. A simple three-year identity theft protection plan is not sufficient, as a malicious party holding the information can either wait three years before committing identity theft or simply sell the information to a more malicious party (including hostile foreign governments).
Most data breaches stem either from honest mistakes by the IT department or from the laziness of the individuals involved in failing to implement steps to secure the database. The fact that this database was out in public in plain text potentially points to the latter, and to the database having been forgotten by those responsible for leaving it on the Amazon servers.
This incident should not have happened.