Republican Analytics Firm Recklessly Exposed Personal Details And Political Views Of Nearly 200M Americans
In what is being billed as one of the largest data leaks recorded in the United States, an analytics firm contracted by the Republican National Committee (RNC) was found to have exposed the personal details and political biases of nearly 200 million Americans.
According to Chris Vickery, a risk analyst for cybersecurity firm UpGuard, the information was left exposed on the internet due to a “misconfigured database” using Amazon Web Services for server storage. The firm responsible for this serious lapse in security was Deep Root Analytics. Over 1.1 terabytes of data was made publicly available via the internet for twelve whole days (it wasn’t password protected). During that time, anyone could have stumbled upon the treasure trove of personal information that was held within numerous spreadsheets.
According to an October 2016 report, there are just over 200 million people registered to vote in the United States. This data breach encompassed 198 million voters. In addition to names and dates of birth for each person, other information that was exposed included home address, phone numbers, and voter registration details. But that’s not all, there are a total of 48 data fields for each individual voter, detailing their stances on a number of subjects including gun rights, abortion, environmental issues and even opinions on stem cell research.
“The data exposure provides insight into the inner workings of the Republican National Committee’s $100 million data operation for the 2016 presidential election, an undertaking of monumental scope and painstaking detail launched in the wake of Mitt Romney’s loss in 2012,” writes UpGuard’s Dan O'Sullivan. “Deep Root Analytics, TargetPoint, and Data Trust—all Republican data firms—were among the RNC-hired outfits working as the core of the Trump campaign’s 2016 general election data team, relied upon in the GOP effort to influence potential voters and accurately predict their behavior.”
What should be the most alarming to everyone is the fact that such sensitive information was improperly handled on such a large scale. This large collection of data is by no means unprecedented for political campaigns, but such data is usually held very close to the vest and locked down for safe keeping.
“That such an enormous national database could be created and hosted online, missing even the simplest of protections against the data being publicly accessible, is troubling,” added O'Sullivan. “The ability to collect such information and store it insecurely further calls into question the responsibilities owed by private corporations and political campaigns to those citizens targeted by increasingly high-powered data analytics operations.”
For its part, Deep Root Analytics founder Alex Lundry provided the following statement to Gizmodo. “We take full responsibility for this situation. “Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access.”