Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

93 Million Mexican Voter Records Leaked Online

Authorities in Mexico have launched an investigation after a researcher discovered a publicly accessible database containing the personal details of tens of millions of Mexican registered voters.

Authorities in Mexico have launched an investigation after a researcher discovered a publicly accessible database containing the personal details of tens of millions of Mexican registered voters.

MacKeeper researcher Chris Vickery reported on Friday that he discovered an unprotected database on an AWS server containing 93.4 million records associated with Mexican voters. The records include names, addresses, dates of birth, occupations, voter registration IDs, and other information.

“In my hands is something dangerous,” Vickery said. “It is proof that someone moved confidential government data out of Mexico and into the United States.”

The database was identified by the expert on April 14 on a US-based Amazon server and it was taken offline on April 22 after Vickery notified the Mexican National Electoral Institute (Instituto Nacional Electoral, INE), Amazon, the Mexican Embassy in Washington, the US State Department and the Department of Homeland Security (DHS).

Late last year, Vickery reported uncovering a misconfigured database containing the details of 191 million US voters. However, unlike in the United States where much of the information was already publicly available, Mexican law only allows the use of the voter database for verification purposes and the records should not be public.

In a statement published on Friday, INE said the database contained a list of voters compiled in February 2015. The organization filed a criminal complaint and an investigation is underway, but there is no evidence that the information was obtained as a result of a security breach.

Advertisement. Scroll to continue reading.

INE representatives told DataBreaches.net that the data was made available to political parties and they are currently trying to identify the people responsible for the incident. It’s unclear if someone other than Vickery downloaded the information from the server, but INE hopes to get answers from Amazon.

According to some reports, many of the records are duplicates and the actual number of affected individuals is 87 million. Others report that the database contained 81 million unique records.

This is the third major data leak reported in the past weeks. Last month, hacktivists breached the website of the state election agency in the Philippines and obtained the details of 55 million people. Authorities arrested a 23-year-old man in connection to the incident.

At around the same time, hackers dumped a database containing the details of 50 million Turkish citizens.

Related: Misconfigured Database Exposed Microsoft Site to Attacks

Related: Defunct iPhone App Exposes Details of 198,000 Users

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

BlueVoyant has appointed Ravi Subramanian as CFO and Jamie Coleman as CCO.

Solana Foundation has appointed Michael Coates as Chief Information Security Officer.

Michael Sikorski has joined Coinbase as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.