The personal data of 198 million American voters, including information that suggests who a person might vote for and the reasons why, was stored on an unsecured Amazon server by a Republican data analytics firm, called Deep Root Analytics, ZD Net reported.
“We take full responsibility for this situation,” the company said in a statement.
The records of possibly every registered voter in the US for over a decade, including profiling data focused on the 2016 campaign, was online and accessible to anyone, without a password, until UpGuard cyber risk analyst Chris Vickery identified the vulnerable server and verified the data on June 12. The records included the first and last name, date of birth, phone number, home and mailing address, party affiliation, voter registration data, and ethnicity, as well as a flag indicating whether the person appeared on the federal Do-Not-Call registry. The server was ultimately secured late last week prior to publication.
Since President Obama’s big win in 2008 Republicans have put millions of dollars into big data analysis to better target voters.
This isn’t Vickery’s first discovery. A prominent cybersecurity researcher skilled at uncovering unsecured or improperly secured files online, Vickery found nearly 90 million Mexican voter records in an exposed database, in 2016 alone, in addition to identifying several unsecured US voter databases around the country, which accounted for nearly 18 million voters, as well as the entire voter database of Louisiana, which accounted for another 2.9 million voters.
“In terms of the disc space used, this is the biggest exposure I’ve found. In terms of the scope and depth, this is the biggest one I’ve found,” Vickery said.
The Republican National Committee was a major client of Deep Root during the 2016 campaign season, according to The Hill, and the firm was one of only a handful contracted for big data analysis by the GOP. Deep Root Analytics and other firms use data from a variety of sources, such as social media accounts like Facebook and Twitter, to extrapolate voters’ social and political preferences in order to market to them most effectively.
According to Vickery’s report, a smaller folder marked for the 2016 election contained files on voters in Ohio and Florida, probably the two most crucial battleground states in the country.
Between January 2015 and November 2016, the RNC paid $983,000 to Deep Root Analytics and $4.2 million to TargetPoint, a conservative market research firm, according to Ad Age.
The size and scope of this exposure—which contained information on more than half of the American population—is unprecedented.
Why do Republicans, including Senate Majority Leader Mitch McConnell and House Speaker Paul Ryan, who seem generally unfazed by Trump-Russia, feel, in fact, emboldened enough to ram through a highly unpopular health care bill?
Given the GOP’s nonsensical obsession with leaks and unwillingness to aggressively investigate Russian interference in the 2016 elections, I cannot help but wonder whether this massive leak was, in fact, accidental or simply a clever and (almost) undetectable way of giving bad actors, such as Russian intelligence agents or political marketers, unfettered access to all the information they need to help manipulate the vote (again) in the 2018 midterm elections.
At the very least, the company’s handling of such sensitive information is critically careless, if not criminally so.
– Danielle Bizzarro