A significant 25 terabyte trove of voter data from a marketing firm contracted by the Republican National Committee has been exposed, with personal nearly 200 million US citizens leaked.
The data was found to be stored on an open Amazon S3 storage server owned by Deep Root Analytics, a Republican data analytics firm. The exposed server was discovered by UpGuard cyber risk analyst Chris Vickery, who verified the data and made the disclosure last week. The server was secured soon after.
Notably, the information wasn’t stolen by hackers before a leak. Instead, it was uploaded on an insecure server, enabling anyone with a link to the server to click in and download every single file on the database.
Speaking to Forbes, Vickery stated:
In terms of the disc space used, this is the biggest exposure I’ve found. In terms of the scope and depth, this is the biggest one I’ve found.
Personal data belonging to over half of the entire US population, dating back to more than a decade, has been discovered on an exposed and unsecured server in what is the largest-ever exposure of voter information.
In a statement to Mashable, Deep Root Analytics confirmed the security lapse of its storage system and claimed it is currently conducting a forensic investigation with a cybersecurity firm.
“Through this process, which is currently underway, we have learned that access was gained through a recent change in asset access settings since June 1, 2017. We accept full responsibility, will continue with our investigation, and based on the information we have gathered thus far, we do not believe that our systems have been hacked,” admitted Deep Root Analytics. “To date, the only entity that we are aware of that had access to the data was Chris Vickery.”
The data included significantly detailed profiles of nearly 200 million voters. They included birthdates, home addresses, telephone numbers and political views of all registered voters. Information combed from big data analysis including voters’ stand on gun ownership, right to abortion, religious affiliation and ethnicity were also included.
“Deep Root Analytics has taken full responsibility for this situation and the RNC has halted any further work with the company pending the conclusion of their investigation into security procedures,” the Republican National Committee added.
Image credit: Wikimedia.