Leak Of Voter Rolls
Given the low level of work required to impersonate a government employee at login, a bad actor could enter the system as a server administrator, obtain a large amount of voter information, and either release it online or use it for their own purposes, according to Ping Identity Senior Technical Architect Sarah Squire.
Squire said the leak of voter lists would be valuable to advertisers for targeting purposes since the voting data itself could provide more insight into who actually votes and where they likely shop or get their news.
Squire would love to see encryption at rest for voting data, Squire said, with the key needed to obtain access to the personally identifiable information (PII) stored in a different place than the information itself. In that scenario, Squire said that even if a bad actor were to gain access to voting data, they would be unable to decrypt it.