A database containing voter registration details of 186 million people in the U.S. is being distributed on hacking forums, putting voters at risk of scams and disinformation campaigns.

The data was discovered by researchers at cybersecurity company Trustwave Holdings Inc., which publicized the situation Wednesday. Along with the voter registration data, the database was also offering consumer data of 245 million U.S. residents, with up to 400 data points for each. Databases with voter information on citizens in other countries were also found to be offered by the same group, covering countries such as Canada, U.K., Ireland and South Africa.

The data on voter registration includes names, addresses, age, gender and political affiliation. A third of the records also include phone numbers.

Although the data can certainly be used for nefarious purposes, the researchers do note that some of the voter registration data is likely to have come from publicly available sources, while other parts of the data may have come from voter registration data leaks. Some states publicly disclose voter registration data under local laws.

“The exposed database containing 186 million American voter records puts nearly all U.S. voters at risk of being victimized for fraud,” Robert Prigge, chief executive officer of identity verification company Jumio Corp., told SiliconANGLE. “Leaving addresses, full names, ages, phone numbers and political affiliations exposed allows fraudsters to access any user account that was created with this information or combine it with other readily available information on the dark web to gain access to additional accounts or steal user benefits.”

In addition, he said, fraudsters can leverage victims’ political affiliation to launch targeted social-engineering attacks impersonating elected officials and spread disinformation to influence votes. “Any organization with an online presence is responsible for keeping user data secure,” he said. “Government agencies must adapt to the modern fraud landscape to keep citizens safe.”

James McQuiggan, security awareness advocate at security awareness training firm KnowBe4 Inc., noted that the data could earn a lot of money for those who compiled the list.

“With this kind of information readily available, cybercriminal groups will leverage this information, intimidate voters into not voting or use other social engineering tactics to get users to fall victim to phishing or voice phishing attacks,” McQuiggan added. “Cybercriminals could generate spear-phishing emails appearing to be sent from a particular political party’s candidate with disconcerting information to dissuade a voter from voting for the other party’s candidate.”

Photo: LWVC/Wikimedia Commons