Political data breaches aren’t just for the DNC anymore: A GOP data firm has accidentally leaked personal information on almost all of the 200 million registered voters it had access to. The database was left exposed to the internet on a publicly accessible Amazon server.
The Americans affected are estimated to make up 61 percent of the entire U.S. population and span both political parties.
The News
The news was broken by the internet security team at UpGuard, which posted this today:
“In what is the largest known data exposure of its kind, UpGuard’s Cyber Risk Team can now confirm that a misconfigured database containing the sensitive personal details of over 198 million American voters was left exposed to the internet by a firm working on behalf of the Republican National Committee (RNC) in their efforts to elect Donald Trump. The data, which was stored in a publicly accessible cloud server owned by Republican data firm Deep Root Analytics, included 1.1 terabytes of entirely unsecured personal information compiled by DRA and at least two other Republican contractors, TargetPoint Consulting, Inc. and Data Trust.
In total, the personal information of potentially near all of America’s 200 million registered voters was exposed, including names, dates of birth, home addresses, phone numbers, and voter registration details, as well as data described as “modeled” voter ethnicities and religions.”
Since UpGuard noticed the leak last week, tech site Gizmodo has confirmed that the data belonged to Deep Root Analytics, a “conservative data firm that identifies audiences for political ads.”
The Scale
Previous voter information leaks across the globe include a Mexican government data breach that revealed the private records of 93.4 million voters, reported in April 2016, and a breach impacting 55 million voters in the Philippines. This one has both breaches beaten by an additional 100 million voters, making it very likely the largest known exposure of voter information in history.
One particularly upsetting detail in UpGuard’s account of the breach investigation? The files in question started with “the potential voter’s first and last names,” immediately “limiting even the barest possibility of the data sets masking the identities of those described.”
These breaches will only get worse until better protocols are common across the internet. Rule number one? If you have a terabyte of data, password-protect it.