Skip to content ↓ | Skip to navigation ↓

A security researcher has discovered a database containing the personally identifiable information (PII) of 191 million registered US voters, including names, addresses, birth dates and phone numbers, as well as voter IDs and party affiliations.

According to a report by Forbes, whitehat hacker Chris Vickery said he uncovered the searchable database earlier this month, which amounts to nearly 300GB of voter data. Vickery notes the data appears to date back to the year 2000.

Although it does not contain any financial data or Social Security numbers, Vickery estimates a complete database of such could be worth up to $270,000.

Vickery confirmed he was able to find accurate records of himself in the database, including his unlisted phone number. He said the personal information of his local police officers were also easily accessible and correct.

Reporters from CSO, DataBreaches.net and Vickery himself have been hunting for the original owner of the data, reaching out to known voter information companies—such as Nation Builder—and various political tech groups, including Catalist, Political Data, Aristotle, L2 Political and NGP VAN.

As of yet, no one has taken responsibility for the leak.

In the meantime, Vickery said he has notified the FBI’s New York field office and the Internet Crime Complaint Center of the issue.

Much of this data is already publicly available across states as campaigners take a close look at certain demographics, says Forbes reporter Thomas Fox-Brewster.

However, Fox-Brewster notes that some charge thousands of dollars for pleasure, while many also place restrictions on the use of the information for commercial purposes.

“Right now, thanks to someone’s carelessness, it’s free to anyone who can find what Vickery did . . . If they can find the database, scammers and marketing folk alike will likely benefit most,” said Fox-Brewster.

Earlier this month, Vickery was also responsible for uncovering the details of 13 million MacKeeper users, which included names, email addresses, usernames, password hashes, IP addresses and phone numbers, as well as system information.