A Republican data analytics contractor left most American voters' information exposed on a publicly accessible Amazon server, a cybersecurity researcher revealed. File Photo by Molly Riley/UPI |
License Photo
June 19 (UPI) -- A Republican data analytics contractor left most American voters' information exposed on a publicly accessible server, a cybersecurity researcher revealed.
Deep Root Analytics information that contained the names, birthdates, home addresses, phone numbers and registration information of more than 198 million Americans was accessible for 12 days this month, said Chris Vickery, a risk analyst at cybersecurity firm UpGuard. The information wasn't strictly about Republicans and was compiled by DRA and at least two other Republican contractors, TargetPoint Consulting, Inc. and Data Trust.
The information came from social media, public government records and proprietary polling by political groups.
On June 12, Vicker said he found and downloaded the 1.1-terabyte spreadsheets on a server run by Amazon's cloud hosting business that was left without a password or any other protection.
"With this data you can target neighborhoods, individuals, people of all sorts of persuasions," Vickery told The Washington Post. "I could give you the home address of every person the RNC believes voted for Trump."
Anyone with Internet access could also have downloaded all the data.
So far, Deep Root doesn't believe the information was accessed by any malicious third parties.
"We take full responsibility for this situation," Alex Lundry, the company's founder, said in a statement to Gizmodo. "Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access."
Deep Root's data was exposed after the company updated its security settings on June 1, Lundry said.
Deep Root partnered with Data Trust, the Republican National Committee's designated data firm, to model the 2008 and 2012 elections for 2016.
"Among these files were clear indications of the repository's political importance, with file directories named for a number of high-powered and influential Republican political organizations," Vickery and journalist Dan O'Sullivan wrote in a blog post at UpGuard.
Privacy experts noted how personal data have become highly detailed for political campaigns.
"They're using this information to create political dossiers on individuals that are now available for anyone," Jeffrey Chester, executive director of the Center for Digital Democracy, told the Post. "These political data firms might as well be working for the Russians."
Folders for 2008 and 2012 included 51 spreadsheets each — one for every state plus Washington, D.C.
UpGuard's team discovered an additional 24 terabytes of data not publicly accessible, including documents related to GOP strategist Karl Rove's American Crossroads super PAC.
Last year, the RNC paid Deep Root $983,000, according to Federal Election Commission reports.
