Skip to Content
Security & privacy

650K private voter records found being sold on eBay

Tech experts always say that it’s an essential practice to make sure you wipe all your gadgets’ storage units clean before you dispose of them.

It doesn’t matter how – throw them away, donate them to charity, sell them on eBay – it’s critical that you wipe them clean.

And it’s not just a matter of deleting the files, mind you. You have to completely shred or wipe all your data off the gadget’s memory to make all of it irrecoverable.

But what if a public institution that has access to the masses’ personal information fail to do so?

This is the scenario that’s facing voters in Tennesse when an electronic poll book bought off eBay was discovered to contain the personal information of 654,517 people who voted in the state’s Shelby County.


The machine, an ExpressPoll-5000 from Election Systems and Software (ESS), was used to check in voters on Election Day and was acquired through an eBay auction. It was supposed to be used as testing equipment during the recent Black Hat Conference in Las Vegas.

Security researcher John Palmer discovered that the massive database of voter records was still stored on the machine’s memory card with no password protection whatsoever.

Anyone with basic computer skills can simply pull out the drive from the machine then use a computer and card reader to see the contents of the memory card.

Although it is a standard practice that U.S. government workers wipe off the data from these machines before they are decommissioned and sold to the public through auction sites like eBay, voting machine security advocates point out that there’s no real formal auditing for the wiping process.

This means there is no way of telling how many of these machines sold may still have voter records stored in them.

According to Gizmodo, the wealth of data in such machines include not just names, addresses and birthdays, but also political party affiliations, whether they voted absentee, and whether they were asked to provide an ID.

Fortunately, the conference organizers confiscated the machine’s memory card to protect the voter database. They’re also notifying the county of the potential data breach.

Shelby County Elections Commission PR rep Suzanne Thompson Cozza told Gizmodo that they are “aware of the allegations about the happenings at DEF CON,” and they are currently looking into it.

What do you think? Should there be tighter inspections and consistent standards for voting equipment disposal? Drop us a comment!

More stories you can’t miss:

5 good habits that immensely improve your online security

How hackers could turn your household objects against you

Leading health insurance company hit by data breach AGAIN

Stop robocalls once and for all

Robocalls are not only annoying, but they scam Americans out of millions every year. Learn Kim's tricks for stopping them for good in this handy guide.

Get the eBook