Nearly 200M Americans hit by massive voter data leak

Geoffrey Yoste votes at the Oxford Conference Center during a special election for Mississippi's 1st Congressional District, in Oxford, Miss. on Tuesday, June 2, 2015. Democrat Walter Zinn Jr. and Republican Trent Kelly are vying for the seat previously held by Alan Nunnelee, who died in February 2015. (Bruce Newman/Oxford Eagle via AP) NO SALES

(CBS News) – Personal information for more than 198 million American voters was left exposed this month after a data analytics firm hired by the Republican National Committee stored the files on an unsecured Amazon server.

Deep Root Analytics, the conservative analytics firm, confirmed in a statement Monday the files had been accessed without their knowledge.

“The data that was accessed was, to the best of our knowledge this proprietary information as well as voter data that is publicly available and readily provided by state government offices,” the company said in a statement. “Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access. We take full responsibility for this situation.”

Meanwhile, the Republican National Committee also issued a statement saying they have cut ties to Deep Root Analytics.

“Deep Root Analytics has taken full responsibility for this situation and the RNC has halted any further work with the company pending the conclusion of their investigation into security procedures,” the RNC said in a statement. “While Deep Root has confirmed the information accessed did not contain any proprietary RNC information, the RNC takes the security of voter information very seriously and we require vendors to do the same.”

UpGuard cyber risk analyst Chris Vickery found the exposed server on June 12, notified federal authorities, and Deep Root Analytics secured the files against public access two days after they were discovered.

Vickery discovered 1.1 terabytes stored on the cloud, that was fully downloadable and not password protected, according to a report published to UpGuard’s website.

“Among these files were clear indications of the repository’s political importance, with file directories named for a number of high-powered and influential Republican political organizations. As such, the exposed Deep Root Analytics warehouse contained a remarkable amount of fully accessible data,” the report says.

The server also contained data from conservative research firm TargetPoint, which helps candidates understand voter behavior. UpGuard says some entries rates voters on the likelihood of what policy, political candidate, and belief they will most or least likely support.

This is far from Vickery’s first major discovery of unprotected voter records. He was responsible for revealing 87 million exposed Mexican voter records in 2016 and finding U.S. databases online that included 18 million voter records, ZDNet reports.

Still, UpGuard predicts that the massive breach will be topped sometime in the future with a “far more damaging effect.”


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s