Yet another data breach has grabbed international headlines, and this one involves the voting registration records of some 93.4 million Mexican citizens.
On April 14, Chris Vickery of MacKeeper discovered that he was able to access a tome of information, including names, birth dates, home addresses, ID numbers, and more, all on an unprotected Amazon cloud server. In a blog post, he noted that he immediately contacted both American and Mexican authorities (the U.S. State Department, the Department of Homeland Security, and the Mexican Embassy in Washington), whereupon the database was removed from the public domain eight days later on April 22.
In disclosing the enormous breach, Vickery wrote, “In my hands is something dangerous. It is proof that someone moved confidential government data out of Mexico and into the United States. It is a hard drive with 93.4 million downloaded voter registration records — The Mexican voter database.”
The database, the security expert says, “was configured purely for public access.” He adds that he has “no clue” as to why. “Under Mexican law, these files are ‘strictly confidential,’ carrying a penalty of up to 12 years in prison for anyone extracting this data from the government for personal gain.” Vickery blogged. And needless to say, this was a serious security meltdown.
“This is a significant breach, and what makes it worse is that the data was being held outside of Mexico,” Alex Cruz Farmer, vice president of cloud at security firm Nsfocus told IBTimes UK. He goes on to cite Mexico’s strict data governance rules that require data to be kept within Mexico. If it is exported for any reason, the data owner must have the authority of the data subject before the it can be exported.
Amazon Web Services has not yet commented directly on the records, but notes on its website: “While AWS manages security of the cloud, security in the cloud is the responsibility of the customer. Customers retain control of what security they choose to implement to protect their own content, platform, applications, systems and networks, no differently than they would for applications in an on-site datacenter.”
For its part, the Mexican government has expressed the seriousness of the offense. “The fact that this database is published to the public, it is not just a criminal offense, it is a national offense,” says Lorenzo Cordova Vianello, president of the Mexican National Electoral Institute. On Friday, the Institute said it filed a criminal lawsuit with Mexico’s Special Prosecutor’s Office for Electoral Crimes (FEPADE), and is also working with the country’s cyber police.
By Lulu Chang for Digital Trends
more recommended stories
Valet parking worker gets shot at Tulum restaurant
A valet parking worker was shot.
Protesters show up at informative public meeting regarding the Maya Train Project in Mérida
On Friday, May 13th, civil groups,.
Renán Barrera seeks to attract projects from countries members of the European Community
“The best way to promote economic.
Homicides and extortions unstoppable in Acapulco, Mexico
With information from Alina Navarrete Fernández/Correspondent / Latinus.
Tragedy in Tixpéhual, Yucatan; once again a young man takes his own life in this town
On Wednesday, May 11th, a 24-year-old.
Yucatan is present at the Binational Summit of Prosecutors in the United States
The flow of illicit merchandise, human.
Moisés Poot Tun is the pride of Hunucmá!
Shoes, bags, key rings, belts, earrings,.
Yucatecan mother demands her son to be transferred due to constant school bullying
Mother denounces bullying in Kinchil elementary.
Yucatan prepares for the start of the hurricane season
The facilities of the Ninth Military.
Ladder found while cleaning the bottom of the famous Zací cenote in Valladolid
The famous Zací cenote in Valladolid,.