In what may be the largest ever exposure of voter information to date, personal identifiable information for nearly 200 million American voters was left exposed this month after data analytics consultants hired by the Republican National Commitee (RNC) stored the files on an unsecured Amazon Web Services database.
According to security firm UpGuard, who discovered the leak, RNC contractors working for political data analytics firm Deep Root Analytics, stored the records of 198 million US voters on an unsecured AWS S3 database. Records stored on the database included dates of birth, phone numbers, and addresses.
After discovering the issue, UpGuard notified Deep Root of the exposed files, and as of June 14th the database has been made private. Before that, the data had been exposed for an unknown period of time, according to UpGuard. During that time, anyone with the server’s AWS subdomain could have accessed the 1.1TB of voter data left exposed.
The exposed databases were last updated around the January 2017 presidential inauguration and “constitute a treasure trove of political data and modeled preferences used by the Trump campaign,” says UpGuard.
“Starting with the potential voter’s first and last names – limiting even the barest possibility of the data sets masking the identities of those described – the files go on to list a great deal more data, including the voter’s date of birth, home and mailing addresses, phone number, registered party, self-reported racial demographic, voter registration status, and even whether they are on the federal ‘Do Not Call’ list.”
The spreadsheets even include data fields on the ‘modeled ethnicity’ and ‘modeled religion’ of voters, which as UpGuard rightly points out, could be “particularly sensitive personal details that have historically been a source of controversy for data collection.”
Latest posts by Jeff Edwards (see all)
- 17 Cybersecurity Podcasts You Should Listen to in 2020 - January 3, 2019
- What’s Changed: Gartner 2017 Magic Quadrant for Identity Governance and Administration (IGA) - January 28, 2018
- Crossmatch Integrates Keyboard Capture to Identity Management Software - November 27, 2017