Voters, Candidates Sue Election
Board Over Privacy Breach
If you caste a vote in Chicago this February, your vote may be secret but your personal information almost certainly won't be. That's because the Chicago Board of Election Commissioners has repeatedly released the Social Security numbers and other private information of more than 1.3 million voters.
Peter Zelchenko, a candidate for alderman in the city's 43rd Ward says the board violated state and federal law when they distributed over 100 compact disks containing names, addresses, telephone numbers, dates of birth, and Social Security numbers on Chicago voters. The disks were distributed to released to aldermanic candidates and ward committeeman.
"They hand this out like candy to aldermen and ward committeemen," Zelchenko said.
This is the second time since October, the Board finds itself facing charges that it failed to adequately protect the privacy of voters in the city. The first breach was discovered by the Illinois Ballot Integrity Project. The not-for-profit, non-partisan civic organization found that for at least the last six years, the Election Board's website has exposed the Social Security numbers and birth dates of registered voters to anyone with a computer.
That breach not only allowed users to view the Social Security numbers of registered voters but to also actually edit and delete the information.
"You couldn't invent a more perfect software package for widespread identity theft," Nick Kefalos, Zelchenko's attorney said in a news release.
According to Jim Allen, a spokesman for the Board of Elections, the board has fixed the problem with the website by removing all but the last four digits of the Social Security numbers listed on its site.
It isn't clear why the board left the last four digits intact. Security experts warn that the last four digits are the unique identifiers and all an identity thief needs when combined with your name and address.
In affect, the board has redacted the numbers that identity thieves don't need while leaving the critical last four digits intact. Banks and credit card companies use the last four digits to identify customers who call in to change their accounts.
Regarding the latest breach, Zelchenko said it was "far worse" than the problem he disclosed in October. "There is now not one path to the information, but easily hundreds, on hundreds of CD-ROMs distributed over the years," he said.
"Essentially, you can select from among 2.2 million Chicagoans and know their full name, current and past addresses, family members' identities, birthdate, sex, phone number, Social Security numbers, and what years they voted. You couldn't plan a more ideal package for identity theft," he said.
The 11-page state and six-page federal class actions ask the court to force the board to recover the disks and erase the data on them. The lawsuits, which seek unspecified monetary damages, also call on the board to notify affected individuals of the breach.
"What we'd like to see is some sort of an endowment, similar to what the [Department of Veterans Affairs] did last year, for people whose credit might have been damaged by this," said Nick Kefalos an attorney with Chicago-based Vernor Moran who filed the lawsuits.
The lawsuits are seeking an immediate injunction on the further release of this type of voter information and punitive damages for the "gross negligence" of the Chicago Board of Election Commissioners. The lawsuits want the court to establish an "endowment fund" to pay damages to all the affected parties.
Zelchenko said he expects actual cash payments to be made to the affected individuals addressing any "actual or potential losses" incurred.
LifeLock is the only proactive Identity Theft Prevention Solution backed by a one-million dollar guarantee! LifeLock's CEO is so confident that the system works that he posts his own Social Security number on the company's Website .
Get the newsletter It's FREE