Personal Info of Nearly 200 Million Voters Left Vulnerable by Analytics Firm

Report Millions of voters info was laid bare on Internet

CNN Video

Not to mention, the 2016 election was defined, in part, by the Democrats' analogous inability to protect their own data. When combined with an additional 24 terabytes of data that had been secured, Republican groups could see what the best strategies would be for appealing to crucial pockets of voters.

Chris Vickery, a risk analyst at cybersecurity firm UpGuard, said he found a spreadsheet of almost 200 million Americans on a server run by Amazon's cloud hosting business that was left without a password or any other protection.

UpGuard's Cyber Risk Team can now confirm that unsecured databases containing the sensitive personal details of over 198 million American voters was left exposed to the internet.

Numerous records stored on the server came from data firms other than Deep Root Analytics, one of which was The Data Trust, the primary provider of the GOP's voter details contracted by the party for a whopping $6.7 million in 2016. The exposed information, which formed the backbone for Trump's data operation, includes home addresses, dates of birth, party affiliations, religious backgrounds, ethnic identities, public polling data, Reddit usage history, and more.

Misconfigured cloud servers and online databases are a common way for data to be accidentally left exposed to the public. Besides the 1.1TB of publicly accessible information, another 24TB of secured data was stored on the server.

According to media reports, one file called "Post Elect 2016" contained information on voters' likely views about topics such as US President Donald Trump's "America First" policy and whether they voted for former President Barack Obama. Deep Root was founded in 2011, shortly before the 2012 Presidential election, and indeed, many of these profiles were build on informations from the elections in 2008 and 2012. "These political data firms might as well be working for the Russians".

There is a general statement that has been released, which is below. TargetPoint and DRA have not responded to our requests for comment, and a Data Trust spokesperson said, "We are aware of Deep Root's situation, but inquiries about it need to be directed to them". The database was last updated in early 2017. It is believed 62 percent of the USA population was affected.

The server belonged to a Republican data analytics firm, Deep Root Analytics. It is our proprietary analysis to help inform local television ad buying. "Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access". Deep Roots was contracted by the RNC to store internal documents in the party's fundraising arm. It said it had hired a Washington cybersecurity firm, Stroz Friedberg, to review how the vulnerability happened. Through this process, which is now underway, we have learned that access was gained through a recent change in asset access settings since June 1, 2017.

"We accept full responsibility, will continue with our investigation, and based on the information we have gathered thus far, we do not believe that our systems have been hacked", he said.

Latest News