Info on high-risk individuals has been exposed

Mar 31, 2015 19:50 GMT  ·  By

A total of 15 compact discs storing information about voters in Florida have been sent out by the Division of Elections to entities ordering them, leaving intact contact information that could be detrimental to their owners, if made public.

Although the data included on the discs (name, date of birth, address, phone number, and email address) is not considered confidential by legislation in Florida, some people are considered high-risk professionals and their contact details are exempt from public disclosure.

Social security numbers were not included on the storage media

The individuals who benefit from identification or address confidentiality request range from law enforcement officers, personnel involved in investigations of abuse and revenue collection, to public defenders and victims of violent offenses.

In a statement on Tuesday, the Division of Elections in Florida admitted to having delivered the CDs without redacting the information that could harm persons designated as high-risk professionals.

The privacy blunder occurred earlier this month, following the fulfillment of voter registration record extract requests. The statement clearly emphasizes that non-confidential data such as social security numbers were not included on the storage media.

Tens of thousands have been affected

“The Florida Division of Elections has already provided written notice to the recipients of 15 CDs containing the exempt information with instructions to disregard, destroy and/or return the information,” reads the disclosure announcement from Florida Department of State.

It is unclear if verification that the media has been indeed destroyed and that the data cannot be recovered will be conducted, and how this can be done, considering that the information stored on the CDs was intended for public release and most likely did not benefit from protection against copying.

It is further stated that the division started to notify the affected individuals (45,173 of them) that information about them which was not supposed to be public had been exposed.

The blame for the incident has been put on “a malfunction in the automated software used to process record extract requests.”

Florida Department of State said that the affected people are unlikely to suffer any consequences as a result of the exposure, but should they face any threats, harassment or fraud attempts, they should contact local law enforcement.

[UPDATE, April 4]: Tom Alciere, maintainer of flvoters.com (data breach notice) and one of the recipients of the media containing protected contact info chose not to make the information public, in order to keep innocent individuals out of harm's way.

"I chose not to publish the non-public data because some of those persons are crime victims hiding from their attackers; and there are crazy people out there who would target a cop's family members, who don't even deserve it," he told Softpedia.