The personal information of nearly all of America’s 200 million registered voters was left unprotected in an online database discovered last week by a cybersecurity firm in what the company described as the “largest known data exposure of its kind.”
The database, owned by Republican data firm Deep Root Analytics, included names, dates of birth, home addresses, phone numbers, voter registration details and “data described as ‘modeled’ voter ethnicities and religions,” according to UpGuard, the firm that uncovered the information.
“Along with home addresses, birth dates and phone numbers, the records include advanced sentiment analyses used by political groups to predict where individual voters fall on hot-button issues such as gun ownership, stem cell research and the right to abortion, as well as suspected religious affiliation and ethnicity,” reported Gizmodo, which also reviewed the data.
In all, it encompassed 1.1 terabytes of information covering 198 million potential voters.
"With this data, you can target neighborhoods, individuals, people of all sorts of persuasions," Chris Vickery, the UpGuard cyber risk researcher who discovered the database, told The Washington Post. "I could give you the home address of every person the RNC believes voted for Trump."
Vickery found the database while searching for vulnerable data sources online as part of his job. It was not clear whether anyone other than Vickery downloaded the information, or how long it was online and unprotected.
"What is alarming about this now is that I believe it's the first time RNC IDs and model data have been exposed," veteran GOP political data strategist Matt Oczkowski told The Post. "This is not just a list of people; this is unique proprietary information which gives away (Republican) strategy and informs on targeting and methodology."
In a statement released to Gizmodo, Deep Root founder Alex Lundry said the company took responsibility for the mistake and said it happened when the company updated its security settings on June 1. Vickery found the information on June 12.
“Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access,” Lundry told Gizmodo. “Based on the information we have gathered thus far, we do not believe that our systems have been hacked.”