For the second time since October, the Chicago Board of Elections is facing claims that it failed to adequately protect the privacy of voter data. And the board finds itself in court over the latest case, which has its roots in a 2003 fire that temporarily left workers unable to access its mainframes.
State and federal class- action lawsuits filed last week claim that the elections board acted negligently in late 2003 and early 2004 when it distributed more than 100 CD-ROMs containing the Social Security numbers and other personal data of more than 1.3 million voters to aldermen and members of local ward committees.
The 11-page state and six-page federal lawsuits ask that the board be ordered to recover the discs and erase the data on them. The lawsuits, which seek unspecified monetary damages, also call on the board to notify all the individuals affected by the breach.
“What we’d like to see is some sort of an endowment for people whose credit might have been damaged by this,” said Nick Kefalos, the attorney, who filed the lawsuits. Kefalos works at Vernor Moran LLC, a Chicago-based law firm.
How It Happened
Jim Allen, a spokesman for the Chicago Board of Elections, explained that under Illinois law, elections authorities are required to make reports on registered voters available to candidates and local officials.
Typically, the data provided doesn’t include the Social Security numbers of voters, Allen said. But, he added, the discs in question were created using data that employees downloaded directly from the elections board’s mainframes after an October 2003 fire forced the Cook County Administration Building to be evacuated for an extended period.
“They had to do a massive download because they were not going to have access to the mainframes for several months,” Allen said. The downloaded data included the Social Security numbers of more than 1.3 million of the city’s 2.2 million registered voters, and the numbers were “unfortunately included with the basic information” sent to local officials, he said.
According to Allen, the elections board last Monday hand-delivered letters to the city’s ward offices requesting that the discs be returned.
So far, he said, there has been no indication that any of the personal information has been used for fraudulent purposes. Nor have Social Security numbers been included on any discs distributed subsequently, Allen said.
The breach was brought to the board’s attention last month by Peter Zelchenko, who is running for an alderman’s seat in an election scheduled for Feb. 27. Zelchenko, a member of the Illinois Ballot Integrity Project, also disclosed a major security breach on the election board’s Web site in October. That breach not only allowed users to view the Social Security numbers of registered voters, but it also let them edit and delete the information.
The board has since fixed the problem and removed all but the last four digits of the Social Security numbers listed on its site, Allen said. It also hired Grant Thornton LLP, a Chicago-based auditing and business consulting firm, to help it with data security, storage and control issues.
Zelchenko said the newly discovered breach was “far worse” than the Web site problem. “There is now not one path to the information, but easily hundreds,” he said.
Noting that the information on the discs also includes birth dates, phone numbers and the names of family members, he said, “You couldn’t plan a more ideal package for identity theft.”
Source |
