According to Mexican law, it's illegal to use voter records for personal gain Credit: REUTERS/Edgard Garrido A 132 GB database, containing the personal information on 93.4 million Mexican voters has finally been taken offline. The database sat exposed to the public for at least eight days after its discovery by researcher Chris Vickery, but originally went public in September 2015.Vickery, who works as a security researcher at Kromtech (the company behind MacKeeper), discovered the MongoDB instance on April 14, but had difficulty tracking down the person or company responsible for placing the voter data on Amazon’s AWS. He first reached out to the U.S. State Department, as well as the Mexican Embassy, but had little success.The database contains all of the information that Mexican citizens need for their government-issued photo IDs that enable them to vote. Along with their municipality, and district information, the database records include the voter’s name, address, voter ID number, date of birth, the names of their parents, occupation, and more.Eventually, after a speaking engagement at Harvard University’s Center for Government and International Studies, Vickery was able to reach someone the Mexican Instituto Nacional Electoral (INE). The database was pulled offline earlier this morning. Given that the database has been online since September 2015, it isn’t clear how many people have accessed the records. Additionally, the actual owner of the account hosting the data remains unknown.Mexico has strict laws regarding the usage and access of voter information, and the last time such records were in the hands of a company in the U.S., it became an international incident. “Under Mexican law this data is strictly confidential, carrying a penalty of up to 12 years in prison for transfer or extraction for personal gain. The Mexican Elections Commissioner has confirmed that the database is authentic. The data is now secured but the real question is who else had access to this sensitive information, and who put it on a US-based Amazon cloud server?” Vickery said in a brief statement.In 2003, data broker ChoicePoint said they were commissioned by the U.S. government to obtain more than 65 million records on registered Mexican voters, and six million drivers in Mexico City.Last December, in a discovery that mirrors this recent one completely, Vickery discovered a database with 191 million U.S. voter records, followed a short time later by a database housing targeted voting data on 18 million U.S. voters.In both cases, Vickery worked with Salted Hash and Databreaches.net on the story. Related content news Gwinnett Medical Center investigating possible data breach After being contacted by Salted Hash, Gwinnett Medical Center has confirmed they're investigating a security incident By Steve Ragan Oct 02, 2018 6 mins Regulation Data Breach Hacking news Facebook: 30 million accounts impacted by security flaw (updated) In a blog post, Facebook’s VP of product management Guy Rosen said the attackers exploited a flaw in the website's 'View As' function By Steve Ragan Sep 28, 2018 4 mins Data Breach Security news Scammers pose as CNN's Wolf Blitzer, target security professionals Did they really think this would work? By Steve Ragan Sep 04, 2018 2 mins Phishing Social Engineering Security news Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding After a year of investigation into the Common Vulnerabilities and Exposures (CVE) program, the Energy and Commerce Committee has some suggestions as to how it can be improved By Steve Ragan Aug 27, 2018 3 mins Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe