The personal information of more than 198 million US voters was exposed online in what security firm UpGuard is calling the biggest ever leak of US voter data.
The sensitive information was exposed after a GOP data firm contracted by the Republication National Committee (RNC)—Deep Root Analytics—inadvertently stored internal documents on a public Amazon cloud server "lacking any security barriers," Upguard wrote in a blog post.
The 1.1TB of "entirely unsecured personal information" (about 10 billion pages of text in all) was compiled by Deep Root and two other conservative contractors — TargetPoint Consulting and Data Trust. It included names, birthdates, home addresses, phone numbers, voter registration details, and their suspected ethnicity and religion.
The information also included information about "potential political inclinations" like where individual voters stand on issues like gun control and abortion, whether they voted for Obama in 2012, whether they agree with Trump's foreign policies, and how likely are to be concerned with specific issues like auto manufacturing.
Deep Root, which owns the leaked data, confirmed the breach in a statement Monday. "The data that was accessed was, to the best of our knowledge proprietary information as well as voter data that is publicly available and readily provided by state government offices," the company wrote. "Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access. We take full responsibility for this situation."
As Gizmodo notes, campaigns routinely compile such data about potential voters during campaigns, but it's not usually dumped online for anyone to peruse. The RNC, for example, paid Deep Root almost $1 million for such data last year; it paid Data Trust $6.7 million during the 2016 election, Gizmodo reports.
The leaked files, according to UpGuard, "provide a rare glimpse into a systematic large-scale analytics operation being performed using a massive repository of 198 million potential voters, combining personal details, backgrounds, and political behavior to, paraphrasing [TargetPoint founder Alexander] Gage, 'unravel their political DNA. The result is a database of grand scope and scale, collecting the modeled personal and political preferences of most of the country."
UpGuard said that anyone with an internet connection could have accessed the information, which was used to "power Donald Trump's presidential victory."
Related
- Tech Execs Slam Paris Decision, Musk Ditches Trump CouncilTech Execs Slam Paris Decision, Musk Ditches Trump Council
UpGuard Cyber Risk Analyst Chris Vickery discovered the leaked data last week while searching for misconfigured data sources. He notified federal authorities, and confirmed that the information has now been secured against public access.
"This disclosure dwarfs previous breaches of electoral data… exposing the personal information of over 61 percent of the entire US population," UpGuard wrote.
In 2015, a publicly available database with approximately 191 million voting records was posted online, but no one was really sure where the info came from. Six months later, another database with 154 million records was also exposed.