Langdon D. Neal, Chairman
Richard A. Cowen, Secretary/Commissioner
Marisel A. Hernandez, Commissioner
Lance Gough, Executive Director
Kelly Bateman, Asst. Executive Director
IMPORTANT PUBLIC NOTICE
On November 14 the Board of Election Commissioners notified people who had applied for the position of Mobile Precinct Assistant (MPA) that it had learned late on the afternoon of November 13 there was unauthorized access to a portion of a web site (file transfer protocol, or FTP, site) maintained by the Board. The FTP site contained some personal information of people who had applied to the Board for the position of Mobile Precinct Assistant (MPA) for the November 6, 2012 General Election. This unauthorized access was committed by and then reported to the Board by a computer forensic specialist firm called Forensicon. Forensicon alerted the Board that it would not publicly disclose or release to the media any information regarding this matter until after the Board closed the FTP site down so that no one could access it while the site's security was checked. The Board immediately shut the site down and took steps to secure the site against any further unauthorized access. The Board also contacted the Federal Bureau of Investigation to report the incident.
After the Board's site was shut down, Forensicon issued a release to the media concerning its unauthorized access to the Board's FTP site. Forensicon inaccurately reported that personal information of 1.7 million voters was exposed to public view. No personal information, as defined in the Illinois Personal Information Protection Act ("PIPA"), of registered voters was exposed to public viewing. Any voter registration information that possibly may have been exposed to public view is information that is ordinarily available to the general public under Illinois law. Some .pdf files associated with high school and college student judge of election applicants from 2010 and early 2011 were in the file accessed by Forensicon, which included names, addresses, phone numbers, email addresses, dates of birth and last four digits of social security numbers of student judges.
It appears that the only personal information, as defined by PIPA, exposed by the breach were the driver's license numbers of approximately 1,200 applicants for the position of Mobile Precinct Assistant. The file also contained names, addresses, email addresses, cell phone numbers, last four digits of social security numbers and the applicant's answers to the question whether the applicant had ever been convicted of a felony.
The Board has since been notified by the FBI that, after a careful examination of computer logs that tracked access or attempted access to the Board's FTP site, the FBI believes that the only unauthorized intrusion upon and download of data from the Board's FTP web site in the days after the November 6, 2012 General Election was by Forensicon. As noted earlier, as computer forensics firm, Forensicon has a professional and ethical duty not to disseminate any data it may have downloaded from the Board's web. In addition, the president of Forensicon provided to the FBI, at the FBI's request, the originals and all copies of all downloaded Board data. Forensicon has represented to the FBI that it has erased all Board data from its computers and that it will not disseminate any Board data.
In light of the FBI's report, it is unlikely that anyone's personal information has been or will be improperly disseminated or compromised.
The Board recommends, however, that you continue to monitor your credit and credit reports for any suspicious activity and to report such activity to law enforcement.
Revised November 27, 2012