recommended reading

Threatwatch

198M Voters’ Data Exposed by RNC Contractor

Misplaced data

Improperly configured databases exposed 198 million potential voters’ personal information and how they may vote on hot-button issues, allowing anyone with the URL to view the data gathered by analytics firms working on behalf of the Republican National Committee, according to a security firm.

Chris Vickery, a researcher with the security firm UpGuard, discovered 1.1 terabytes of voter information in a publicly accessible cloud June 12, including names, birth dates, home addresses, phone numbers and modeled data, such as ethnicities and religions. It also included likely voter preferences on issues such as stem-cell research and gun control, a Gizmodo report said.   

“The data exposure provides insight into the inner workings of the Republican National Committee’s $100 million data operation for the 2016 presidential election, an undertaking of monumental scope and painstaking detail launched in the wake of Mitt Romney’s loss in 2012,” according to UpGuard post on the incident.

UpGuard said Deep Root Analytics, TargetPoint Consulting and Data Trust compiled the data for the RNC from a variety of sources to help Donald Trump’s presidential campaign.  

“The data accessed was not built for or used by any specific client,” Deep Root Analytics, a media analytics firm that helps target audiences, said in a June 19 statement. “It is our proprietary analysis to help inform local television ad buying. The data that was accessed was, to the best of our knowledge proprietary information as well as voter data that is publicly available and readily provided by state government offices.”

Deep Root Analytics said the data was accessible June 1-14 after Vickery notified regulatory bodies of the discovery. 

sector

Political Organizations

reported

June 19, 2017

reported by

Gizmodo

number affected

198 million

location of breach

United States

perpetrators

Employees

location of perpetrators

Unknown

date breach occurred

Unknown

date breach detected

Unknown