Personal data on almost 200 million USA voters-representing 61% of the total population and the majority of eligible voters of the count-was discovered to be stored on an insecure Amazon server and thus exposed to potential compromise. Upon discovering the repository, which was hosted on Amazon Web Services without any form of protection, Vickery alerted Deep Root Analytics, the owner of that data.
A report by security firm UpGuard's Cyber Risk Team suggests the personal information of nearly 62% of the United States' population was leaked as a result of a configuration error by a marketing firm employed by the Republican National Committee (RNC).
A researcher for security company UpGuard stumbled upon an unsecured server with a massive cache of data. The amount of information exposed by the incident is tremendous and it gives a fascinating insight into the targeting of voters in the run-up to the election.
Deep Root, TargetPoint and Data Trust together accumulated 9.5 billion data points on American voters, using algorithmic modeling to compile information in 48 different categories on each of the 198 potential voters in the presidential election.
"We take full responsibility for this situation", The founder of Deep Root Analytics, Alex Lundry, said in a statement. The firm said it "builds voter models to help enhance advertiser understanding of TV viewership". While some of the data came from Deep Root itself, a lot of it was aggregated from outside sources such as other data firms, Republican super PACs, and even Reddit.
"The data that was accessed was, to the best of our knowledge this proprietary information as well as voter data that is publicly available and readily provided by state government offices", the company said in a statement. In addition to more standard information like a person's name and address, it included individual income levels, whether they donated to religious organizations, where they worked, and whether they were politically conservative.
The data was compiled for last year's United States presidential election by Deep Root Analytics, Target Point Consulting, and Data Trust on behalf of the Republican National Committee, security vendor UpGuard said.
An analyst working with the cybersecurity company UpGuard was able to access the files on June 12, the company announced Monday.
Critical data was stored in two folders, one called data_trust and the other target_point. Anyone with an internet connection could have accessed the data just by navigating to the six-character domain, according to Vickery.
The contractor, Deep Root Analytics, stored the records it had gathered, in such a way that anyone who knew of the database's existence could have downloaded the data without as password, if they knew where to look for it.