Intruder Alert! Data on Millions of Voters Exposed

RNC chairman Reince Priebus in 2016

Intruder alert! Intruder alert! Data on nearly 200 million Americans was exposed for an extended period before the situation was known. Anyone who knew where to find it could download the information without a password.

Contractor Finds Exposed Database

The data analytics contractor, Deep Root Analytics, found the open data on June 12th. The exposed info was open to anyone from June 1st to June 14th. It has since been sealed and secured. Deep Root says “we take full responsibility for this situation.” Deep Root is employed by the RNC. We’ll see if anyone ever uses this company again. The databases were part of an Amazon cloud account which contained 25 TB of files. These files could be browsed without a login or password, The account was discovered by Chris Vickery who is a researcher for the security firm UpGuard. Vickery is a prominent researcher who specializes in finding improperly secured files. He says he has never seen an exposure of this magnitude before.

Anyone Could See This Information

According to UpGuard, the files contained 198 million database entries with names, addresses, and an RNC-ID that can be used with other exposed files to research individual Americans. It looks like a 50 GB file of “Post elect 2016” info contained modeled data about a voter’s likely position based on 46 different issues. That file appears in a folder entitled “target_point” which seemed to be a reference to another firm contracted by the RNC to help crunch data. Up?Guard speculates that the folder belongs to TargetPoint which complied and shared data with Deep Root. UpGuard Dan O’Sullivan looked himself up in the database and said the results for him were right on the money.

It is a testament both to their talents, and to the real danger of this exposure, that the results were astoundingly accurate,” he said.

According to Ad Age, the RNC spent $983,000 between January 2015 and November 2016 for Deep Root’s services and 4.2 million for TargetPoint.