Voter information for more than 4.9 million Georgians, including deceased citiens, has been published on a hacking forum over the weekend, on Saturday.
Personal information such as full names, home addresses, dates of birth, ID numbers, and mobile phone numbers were shared online in a 1.04 GB MDB (Microsoft Access database) file.
The leaked data was spotted by the Under the Breach, a data breach monitoring and prevention service, and shared with ZDNet over the weekend.
The database contained 4,934,863 records but was not kept up to date, as it also included details for millions of deceased voters — as can be seen from the screenshot below.
According to a 2019 census, the country of Georgia has 3.7 million citizens — of which more than a third are believed to be underage and not eligible for voting.
It is unclear if the forum user who shared the data is the one who obtained it. The user claimed the data originated from voters.cec.gov.ge, an official government portal where Georgians can log in and verify and update their voter registration records. The portal was down at the time of writing.
However, it is unclear if the data was obtained by brute-forcing the website portal or the government’s official Android app.
Georgia is set to hold parliamentary elections later this year in October.
A spokesperson for the Central Election Commission of Georgia (CEC) could not be reached over the weekend.
This is not the first time when voter records leaked online in the past year. In August 2019, voter records for 14.3 million Chileans — 80% of the country’s entire population — were left exposed online in an unprotected Elasticsearch database.