It is being reported that personal information belonging to nearly 200 million potential Republican voters was exposed in an apparent leak that transpired earlier this month. The culprit? Deep Root Analytics, a data firm the Republican National Committee hired last election and tasked with acquiring, tracking, and handling this sensitive material. Moreover, it’s been suggested that nearly 61%, or 198 million, of the U.S. population would have been put at risk if this leak wasn’t contained. This is perhaps the largest breach of its kind, totaling 1.1 terabytes of information.
The information was stored on a publicly accessible Amazon server, and the contents apparently weren’t password protected. (Uh oh.) The RNC paid this firm roughly $1 million for its work in last year’s election. Here’s more about the contents found in the leak:
61 percent of the US population. Along with home addresses, birthdates, and phone numbers, the records include advanced sentiment analyses used by political groups to predict where individual voters fall on hot-button issues such as gun ownership, stem cell research, and the right to abortion, as well as suspected religious affiliation and ethnicity. The data was amassed from a variety of sources—from the banned subreddit r/fatpeoplehate to American Crossroads, the super PAC co-founded by former White House strategist Karl Rove.
UpGuard cyber risk analyst Chris Vickery discovered the leak, which was determined to have taken place between June 1-14, 2017. Vickery discovered this leak during the evening of June 12th. Here’s more from UpGuard on the discovery:
The data exposure provides insight into the inner workings of the Republican National Committee’s $100 million data operation for the 2016 presidential election, an undertaking of monumental scope and painstaking detail launched in the wake of Mitt Romney’s loss in 2012. Deep Root Analytics, TargetPoint, and Data Trust—all Republican data firms—were among the RNC-hired outfits working as the core of the Trump campaign’s 2016 general election data team, relied upon in the GOP effort to influence potential voters and accurately predict their behavior. The RNC data repository would ultimately acquire roughly 9.5 billion data points regarding three out of every five Americans, scoring 198 million potential US voters on their likely political preferences using advanced algorithmic modeling across forty-eight different categories.
Spreadsheets containing this accumulated data—last updated around the January 2017 presidential inauguration—constitute a treasure trove of political data and modeled preferences used by the Trump campaign. This data was also exposed in the misconfigured database and had been for an unknown period of time.
UpGuard’s discovery—of perhaps the largest known exposure of voter information in history—is corroborated by technical evidence, as well as by the public statements of the responsible firms and political staffers.
How could this gargantuan amount of information be compromised and not secured? The RNC, and all entities that are tasked with data collection, need to be more careful when employing companies to handle the sensitive information they collect for purposes of voter contact.
No password protection? No secure account? These are rookie mistakes that can be avoided. Please secure your accounts!