The researcher in question, Chris Vickery, came across the huge amount of personal records on 12 June and worked with USA authorities to secure the database within 48 hours.
To put that into perspective, Politico reported that 200 million people had registered to vote in the U.S. election in 2016.
The information included in the leaks include the voter’s name, date of birth, home address, phone number, and other voter registration details like party affiliation.
In a statement released to Gizmodo, Deep Root founder Alex Lundry said the company took responsibility for the mistake and said it happened when the company updated its security settings on June 1. “Through this process, which is now underway, we have learned that access was gained through a recent change in asset access settings since June 1”, it read in part. The exposed server even contained weird bits of data.
The company said it had updated its system-access settings and “put protocols in place to prevent further access”. Vickery discovered and reported the server but it’s unclear if he was the first to get to the data or if someone else may have had access first.
Privacy experts noted how personal data have become highly detailed for political campaigns.
The data was compiled by Deep Root Analytics, which advises campaigns on political TV advertising and was contracted by the Republican National Committee. It sprawls so deep and so far.
Speaking about the leak, Tim Erlin, VP at Tripwire said that he believes that basic security controls were probably not followed, leaving the information available without hacking. Prior to that, 154 million records were exposed and contained insights like a voter’s social media profiles, gun ownership status and more.
Some of the records were provided by two other Republican data firms, namely TargetPoint and Data Trust, whose service helped in shaping Trump’s campaign.
“[Deep Root] builds voter models to help enhance advertiser understanding of TV viewership”.
“Data is shared between these companies”.
In March the Information Commissioner’s Office (ICO) said it would investigate the use of analytics and personal data to sway voters ahead of last year’s European Union referendum. “To date, the only entity that we are aware of that had access to the data was Chris Vickery”. Vickery said he found unprotected files of as many as 198 million voters.
Researchers say a massive, unsecured Amazon Web Services database containing information on almost 200 million people was the work of a consulting company hired by the US Republican National Committee. Still, the idea that something with data on most United States adults floating around is concerning-UpGuard was probably not the first to grab these files. “All we know is that the data was incredibly detailed”.