A cybersecurity firm says that a database of registered voter information containing personal data on nearly 200 million Americans was left online without proper security by a contractor hired by the Republican National Committee.
This is according to UpGuard, a firm that says it discovered this database on June 12. The 1.1 terabytes of data included the names, mailing addresses, phone numbers, dates of birth, voter registration details, and other data that tries to predict each person’s likely religion and ethnicity, for around 198 million registered voters. That would appear to be every, or close to every, registered voter in the U.S.
The data was stored on a cloud server owned by Deep Root Analytics, a media analytics firm hired by the RNC as part of the 2016 election campaign. The database was last updated in early 2017.
In a statement in response to the UpGuard report, Deep Root contends that the data on the server “was not built for or used by any specific client. It is our proprietary analysis to help inform local television ad buying.”
Okay, but why was it not secure? Deep Root says it didn’t need to be.
“The data that was accessed was, to the best of our knowledge proprietary information as well as voter data that is publicly available and readily provided by state government offices,” explains the company. “Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access.”
The company says it it conducting an internal review and believes that the data found by UpGuard was only exposed following a change put in place earlier this month.
“We accept full responsibility, will continue with our investigation, and based on the information we have gathered thus far, we do not believe that our systems have been hacked,” says Deep Root.
While the data left exposed on this server was not the sort of highly sensitive bank/credit account information that one normally…