More than 1 million Maine voters are among more than 190 million from across the country whose information was leaked onto the Internet this week through the release of a mysterious, misconfigured voter database.
The leaked data included information a person gives when he or she first registers to vote: name, address, date of birth and party affiliation. The leaked information also includes whether an individual voted in recent general and primary elections dating as far back as 2000, according to Databreaches.net. The email addresses and phone numbers of some voters also may have been among the leaked information.
No one has been able to identify the owner of the database nor how the data of Maine voters made its way into the database. Databreaches.net confirmed Monday night that the database is no longer publicly accessible.
Maine officials aren’t aware of any malicious attempt to access the state’s central voter registration system, Kristen Muszynski, the Maine secretary of state’s office spokeswoman, said Monday afternoon. But there are a few plausible paths to explain how more than 1 million Maine voter records made their way online.
Maine voter data are considered “quasi-public” under state law, Maine Secretary of State Matthew Dunlap said Tuesday afternoon. It’s not a public record, but political parties, party committees, campaign committees and political action committees can purchase voter data — names, addresses and whether a Mainer voted in recent elections — for a political party’s activities, get-out-the-vote efforts and campaigns.
The state does not sell other information, such as voters’ phone numbers and email addresses, to political groups, though Dunlap noted that once they acquire a state’s voter registration data, political groups and campaigns may aggregate information from other databases to add phone numbers and emails.
Political groups that obtain voter registration data are prohibited under state law from using it for commercial purposes or to sell and distribute it, Dunlap said. He said it’s unlikely the leak will result in legal action on the part of the state because it appears to have been accidental. But without further information about the nature of the leak and who is responsible, Dunlap could not rule out any state action to address the leak.
While names, addresses and party affiliation data are not particularly useful on their own, if the data were combined with sensitive information — such as Social Security numbers — obtained from data breaches, it could be useful to identity thieves, said Jane Carpenter of Maine Identity Services, a company that advises victims and law enforcement agencies across the country on how to deal with identity theft.
“The reality is we have a lot of information about ourselves out there,” Dunlap said.