The Baltimore administration has put the safety of millions of city residents at risk after an unprotected database containing personal information of citizens who contacted 311 since 1989 was found online.
On May 8, researchers discovered a publicly accessible copy of Kibana owned by the city. Kibana is a data visualization platform commonly used to analyze various types of information. Unfortunately, this copy lacked authentication or authorization systems to prevent unauthorized access, and it contained over 13.5 million reports.
The 311 service in Baltimore allows citizens to report non-emergency issues. Originally launched in 1996 as a telephone line, it is now accessible through a website and mobile application. City residents can use 311 to report a range of problems, including road issues, sanitation concerns, stray animals, parking violations, and other non-critical city matters.
The leakage exposed the names, email addresses, and phone numbers of individuals who had filed reports over several decades. The compromised information included details about traffic accidents, housing sanitation complaints, road quality reports, speed camera locations and statuses, animal complaints, and allegations of illegal activity.
Of particular concern is that some residents utilized the 311 service to report crimes. Given Baltimore’s alarmingly high murder rate (over 45 murders per 100,000 residents last year, which is eight times the national average), disclosing such information could potentially endanger the safety of those who filed reports.
As of now, the city administration has not issued a statement regarding the situation. It remains uncertain how long the database was exposed and who may have accessed this sensitive data. This data breach erodes citizens’ confidence in the system and raises doubts about the city’s capability to safeguard the private information of its residents.