Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

93 Million Mexican Voter Records Leaked Online

Authorities in Mexico have launched an investigation after a researcher discovered a publicly accessible database containing the personal details of tens of millions of Mexican registered voters.

Authorities in Mexico have launched an investigation after a researcher discovered a publicly accessible database containing the personal details of tens of millions of Mexican registered voters.

MacKeeper researcher Chris Vickery reported on Friday that he discovered an unprotected database on an AWS server containing 93.4 million records associated with Mexican voters. The records include names, addresses, dates of birth, occupations, voter registration IDs, and other information.

“In my hands is something dangerous,” Vickery said. “It is proof that someone moved confidential government data out of Mexico and into the United States.”

The database was identified by the expert on April 14 on a US-based Amazon server and it was taken offline on April 22 after Vickery notified the Mexican National Electoral Institute (Instituto Nacional Electoral, INE), Amazon, the Mexican Embassy in Washington, the US State Department and the Department of Homeland Security (DHS).

Late last year, Vickery reported uncovering a misconfigured database containing the details of 191 million US voters. However, unlike in the United States where much of the information was already publicly available, Mexican law only allows the use of the voter database for verification purposes and the records should not be public.

In a statement published on Friday, INE said the database contained a list of voters compiled in February 2015. The organization filed a criminal complaint and an investigation is underway, but there is no evidence that the information was obtained as a result of a security breach.

INE representatives told DataBreaches.net that the data was made available to political parties and they are currently trying to identify the people responsible for the incident. It’s unclear if someone other than Vickery downloaded the information from the server, but INE hopes to get answers from Amazon.

According to some reports, many of the records are duplicates and the actual number of affected individuals is 87 million. Others report that the database contained 81 million unique records.

Advertisement. Scroll to continue reading.

This is the third major data leak reported in the past weeks. Last month, hacktivists breached the website of the state election agency in the Philippines and obtained the details of 55 million people. Authorities arrested a 23-year-old man in connection to the incident.

At around the same time, hackers dumped a database containing the details of 50 million Turkish citizens.

Related: Misconfigured Database Exposed Microsoft Site to Attacks

Related: Defunct iPhone App Exposes Details of 198,000 Users

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Jason Hogg has been named Executive Chairman of CYPFER.

HUB Cyber Security has appointed former PayPal and American Express executive Paul Parisi as its Global Chief Revenue Officer.

Cloud security startup Upwind has appointed Rinki Sethi as Chief Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.