Crosscheck member states send voter registration data to the Kansas Secretary of State every year. This data includes name, address, and last four digits of social security number.
In October 2017, researchers revealed that for over a decade, Crosscheck was using inadequate security measures for the transfer and encryption of the millions of Americans' voter registrations it was entrusted with every year. The vulnerability to hacking has been covered by MotherJones.com and ProPublica, among others.
Kansas does not carry data liability insurance in case of a data breach.
In addition, all voters identified in error as "possible duplicate registrants" have their data, including SSN4, shared with at least one state besides their state of residence.
Because Crosscheck's data problems have generated significant interest from the press and voting rights advocates, there have been several reported incidents of voter data (including SSN4) being released via open records requests. (We have obtained one such list which includes the SSN4 of 945 Americans, none of whom were not doubly registered.).
One member state (New York) has temporarily discontinued use of Crosscheck due to data privacy concerns.