Detailed voter information on about 198 million potential voters was left exposed to unauthorized access on the internet by a data analytics contractor employed by the Republican National Committee (RNC), and other GOP clients.
The contractor, Deep Root Analytics, left its databases containing approximately 25 terabytes of data on an unguarded Amazon S3 storage server, allowing users to access the treasure trove of information without the need for them to login.
This means that anyone who knew what to look for could have viewed, and even downloaded the information for their purposes. This is quite alarming considering the level of detail on those profiled, including their political leanings, ethnicity, religion and other personal data.
The contractor confirmed the security incident in a statement on Monday:
“Deep Root Analytics has become aware that a number of files within our online storage system were accessed without our knowledge.
Deep Root Analytics builds voter models to help enhance advertiser understanding of TV viewership. The data accessed was not built for or used by any specific client. It is our proprietary analysis to help inform local television ad buying.
The data that was accessed was, to the best of our knowledge proprietary information as well as voter data that is publicly available and readily provided by state government offices. Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access. We take full responsibility for this situation.”
The contractor also acknowledged that it has taken steps to address the issue by hiring a cybersecurity firm.
“We are conducting an internal review and have retained cyber security firm Stroz Friedberg to conduct a thorough investigation. Through this process, which is currently underway, we have learned that access was gained through a recent change in access settings since June 1. We accept full responsibility, will continue with our investigation, and based on the information we have gathered thus far, we do not believe that our systems have been hacked.”