
Exposed voter database misconfiguration discovered in 2025 audit: what the files show

Headline: Audit finds misconfigured voter database left records reachable without authentication

Summary
An independent municipal audit, a national CERT advisory, and a FOIA release of internal emails together show a configuration error in a city’s voter-registration system that allowed unauthenticated HTTP requests to retrieve voter records for weeks. The documents—Municipal Audit Report (June 2025), National CERT advisory #2025-17 (published July 2, 2025), and FOIA bundle B-2025 (released August 14, 2025)—provide overlapping, timestamped evidence of the issue, attempts at remediation, and gaps in logging that complicate efforts to determine whether data were copied offsite.

What we found (the lead)
Three independent, verifiable sources converge on the same conclusion: a permissions misconfiguration permitted read access to a production voter-registration endpoint without authentication. Audit appendices include sample queries and logs; network scans obtained under public records match those samples; and contractor emails in the FOIA bundle acknowledge the problem and document a delayed remediation schedule. Officials were notified on May 28, 2025; the endpoint remained reachable through mid‑July according to the timeline reconstructed from the available files.

The evidence, in brief
– Municipal Audit Report (June 2025): Technical appendix lists an unauthenticated HTTP JSON endpoint, sample responses that include names, addresses, partial dates of birth and registration status, plus IP addresses and timestamps (appendix pp. 4–9). The audit classifies the incident as a significant privacy lapse and recommends escalation to the data‑protection authority.
– National CERT advisory #2025-17 (2025-07-02): Confirms the exposed endpoint returned structured voter records to unauthenticated requests and warns of common causes (default credentials, open object storage, misapplied access-control lists). The advisory sets out recommended mitigations.
– FOIA release B-2025 (2025-08-14): Email threads between the city IT team and the contracted vendor show the contractor acknowledging the misconfiguration, proposing a patch tied to a maintenance window, and flagging coordination delays that postponed fixes. The bundle contains configuration snippets that match the audit appendix.

Timeline (reconstruction from available artifacts)
– 2025-05-20: Contractor change log records deployment of a new voter-registration service.
– 2025-05-24: Automated scans detect an open HTTP endpoint returning JSON without authentication (scan extracts appear in the audit annex).
– 2025-05-28: Contractor emails notify municipal IT of the missing access controls and propose a patch during a maintenance window.
– 2025-06-02 to 2025-06-10: Auditors perform targeted checks; live queries in the audit appendix show access still open on 2025-06-05.
– 2025-06-20: A third‑party researcher reports findings to National CERT (per CERT docket).
– 2025-07-02: National CERT issues advisory #2025-17 recommending immediate ACL changes and that the endpoint require credentials.
– 2025-07-15: Vendor applies configuration changes; follow-up scans report the endpoint is no longer publicly reachable.

Where the record is clear — and where it isn’t
The documents clearly demonstrate a misconfiguration that allowed unauthenticated read access to identifiable voter metadata. What the available records do not definitively show is whether anyone systematically extracted data or copied it offsite. Forensic summaries attached to the audit note unsuccessful attempts to confirm exfiltration; meanwhile, gaps in server-side logging and inconsistent timestamps in some artifacts mean a full reconstruction of who queried the endpoint and when will require additional forensic work.

Who’s involved
– Municipal auditor: Produced the technical audit and recommendations; provided the appendices cited here.
– Municipal IT team: Operational owner of the endpoint and recipient of contractor communications.
– Third‑party IT contractor: Deployed the service, acknowledged the configuration error in emails, and scheduled remediation that was delayed by coordination issues.
– Third‑party security researcher: Submitted query samples to CERT that prompted external escalation.
– National CERT: Evaluated the disclosure and published advisory #2025-17 with mitigation guidance.

Security, legal and electoral implications
– Security: Exposed fields—names, addresses, partial DOBs and registration status—are commonly exploited in identity‑fraud and social‑engineering campaigns. Even without confirmed exfiltration, the mere availability of this data increases risk.
– Legal/compliance: Depending on local data‑protection laws, the incident may trigger notification obligations or regulatory review. The audit recommends consulting the data‑protection authority.
– Electoral integrity: Auditors found no evidence in provided logs of unauthorized write operations or record alteration. Still, exposure of voter metadata can enable targeted misinformation or undermine public confidence.

Next steps recommended by the records
The documents and advisory collectively point to several evidence-focused actions:
– Perform a comprehensive forensic pull of server logs covering the exposure window (roughly 2025-05-20 through 2025-07-20) to identify external client IPs and patterns of access.
– Obtain full vendor patch notes and change logs for the July remediation to verify the configuration changes and any updates to retention policies.
– Ask National CERT whether it retains submission artifacts from the researcher that can be shared for forensic validation.
– If forensic review suggests possible access beyond what logs show, follow statutory notification procedures and consider regulatory escalation.
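A sketch of the first step, the log pull over the exposure window, as an added example that is not taken from the audit, the advisory or the vendor's tooling. It assumes combined-format access logs, a placeholder endpoint path (`/api/voters`), that a `-` in the user field means no credentials were presented, and a 24-hour silence threshold for flagging logging gaps; the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Window dates come from the article; path, log format and threshold are assumptions.
WINDOW_START = datetime(2025, 5, 20, tzinfo=timezone.utc)
WINDOW_END = datetime(2025, 7, 21, tzinfo=timezone.utc)  # exclusive, covers 07-20
ENDPOINT = "/api/voters"            # placeholder path, not from the records
MAX_SILENCE = timedelta(hours=24)   # assumed threshold for a logging gap
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines (documentation IP ranges), not real log data.
SAMPLE_LOG = """\
198.51.100.7 - - [24/May/2025:03:12:09 +0000] "GET /api/voters?page=1 HTTP/1.1" 200 48211
198.51.100.7 - - [24/May/2025:03:12:11 +0000] "GET /api/voters?page=2 HTTP/1.1" 200 47980
203.0.113.40 - clerk01 [25/May/2025:09:00:00 +0000] "GET /api/voters?page=1 HTTP/1.1" 200 48211
192.0.2.15 - - [05/Jun/2025:14:30:00 +0000] "GET /api/voters?page=1 HTTP/1.1" 200 48211
192.0.2.15 - - [05/Jun/2025:14:30:05 +0000] "GET /healthz HTTP/1.1" 200 2
198.51.100.7 - - [16/Jul/2025:08:00:00 +0000] "GET /api/voters?page=3 HTTP/1.1" 401 120
garbled line without fields
"""

def analyze(log_text):
    """Return (per-IP unauthenticated reads, silent intervals, unparsed line count)."""
    per_ip = defaultdict(lambda: {"requests": 0, "bytes": 0, "first": None, "last": None})
    seen, unparsed = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1          # unparsed lines are evidence gaps, so count them
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if not (WINDOW_START <= ts < WINDOW_END):
            continue
        seen.append(ts)
        if (m["user"] == "-" and m["status"] == "200"
                and m["path"].split("?")[0] == ENDPOINT):
            rec = per_ip[m["ip"]]
            rec["requests"] += 1
            rec["bytes"] += 0 if m["size"] == "-" else int(m["size"])
            rec["first"] = min(rec["first"] or ts, ts)
            rec["last"] = max(rec["last"] or ts, ts)
    seen.sort()
    gaps = [(a, b) for a, b in zip(seen, seen[1:]) if b - a > MAX_SILENCE]
    return dict(per_ip), gaps, unparsed
```

The silent intervals matter as much as the per-IP totals: a stretch with no log lines at all bounds what the logs can rule out, which is the limitation the audit's forensic summaries describe.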

What this report does — and what it does not
This reconstruction sticks to the documentary record: audit appendices, CERT guidance, public scan logs and FOIA emails. It establishes a credible chain from deployment to discovery and remediation (misconfiguration → unauthenticated read access → audit confirmation → corrective action). It does not assert confirmed data theft or malicious use beyond the limits of the supplied materials; those questions require further forensic analysis and any regulator findings that may follow.
