According to UpGuard, the voter data included multiple pieces of personally identifiable information for "potentially near all of America's 200 million registered voters". The data, which was stored in a publicly accessible cloud server owned by Republican data firm Deep Root Analytics, included 1.1 terabytes of entirely unsecured personal information compiled by DRA and at least two other Republican contractors, TargetPoint Consulting, Inc. and Data Trust.
UpGuard informed Deep Root of the exposed files last week and as of June 14 the storage instance was secured as private.
UpGuard cyber risk analyst Chris Vickery discovered the misconfigured database on June 12.
A Republican analytics firm's database of almost every registered American voter was left vulnerable to theft on a public server for 12 days this month, according to a cybersecurity researcher who found and downloaded the trove of data. It had last been updated in January when President Donald Trump was inaugurated and had been online for an unknown period of time.
So far, Deep Root doesn't believe the information was accessed by any malicious third parties. "Based on the information we have gathered thus far, we do not believe that our systems have been hacked". The company sells and supplies voter data to political candidates, who rely on access to the data in order to shape their campaigns.
The collection of citizens' details has been a huge part of the Republican Party's recent political strategy.
"Deep Root Analytics maintains industry standard security protocols", said the firm in a statement. So-called spear-phishing attacks are often more successful than mass emails from "Nigerian princes" willing to shower you with riches if you front them a few bucks.
The company was hired by the Republican National Committee (RNC) in the run-up to the 2016 USA presidential election to provide insights on American voters and their feelings towards important campaign issues. "These political data firms might as well be working for the Russians".
Deep Root Analytics is a media analytic firm which helps advertisers target their products to consumers most effectively.
"Campaigns are very narrowly focused".
The Koch data operation, which is widely regarded by Republican strategists, had more than 200 GOP campaigns and state parties as clients in 2016, The Post reported past year. "This is valuable for people who have nefarious purposes", Joseph Lorenzo Hall, the chief technologist at the Center for Democracy and Technology, said of the data. "I worry that if there's no way to punish campaigns for leaking this stuff, it's going to continue to happen until something bad happens".
Over the 2016 election season, the RNC was a major client of Deep Root, one of a handful firms it contacted for big data analysis. Yet while that could inspire a sigh of relief in some, there's not much in place to incentivize data firms to care enough to stop these incidents from happening again.