In the largest exposure of voter data to date, 198 million names and records were discovered on an unsecured server owned by Deep Root Analytics, a data firm hired by the Republican National Convention for the 2016 election.
The files, totaling over a terabyte in size, were open to access on the internet without the need for a password. The exposed database was discovered by security firm UpGuard.
“In total, the personal information of potentially near all of America’s 200 million registered voters was exposed, including names, dates of birth, home addresses, phone numbers, and voter registration details, as well as data described as “modeled” voter ethnicities and religions.” the report from UpGuard states.
According to UpGuard, the data provides insight into the workings of the RNC’s $100 million data collection and analysis effort. The RNC hired three firms to delve into the political preferences of 198 million voters across 48 different categories.
The discovery has been corroborated by the three firms involved as well the responsible political staffers, according to UpGuard.
Here’s an analysis from UpGuard:
UpGuard’s Cyber Risk Team can now confirm that unsecured databases containing the sensitive personal details of over 198 million American voters was left exposed to the internet. The data, which was stored in a publicly accessible cloud server owned by Republican data firm Deep Root Analytics, included 1.1 terabytes of entirely unsecured personal information compiled by DRA and at least two other contractors, TargetPoint Consulting, Inc. and Data Trust. In total, the personal information of nearly all of America’s 200 million registered voters was exposed, including their names, dates of birth, home addresses, phone numbers, and voter registration details, as well as voter ethnicities and religions as “modeled” by the firms’ data scientists.