Personal info of 198 million US voters leaked by RNC firm


UpGuard, a data security firm, in what is “the largest known data exposure of its kind,” has made known a very severe leak. This is about the exposure of the personal data of nearly every registered voter in the US

According to UpGuard’s Cyber Risk team, the data for 198 million registered voters in the US was left exposed, this obviously is a ridiculous number considering the fact that it’s 61% of the country’s population.

It’s good to know that this data was found by UpGuard’s Chris Vickery and not someone who has a malicious intention. The repository was hosted on Amazon Web Services and was without any form of protection, after discovering this, Vickery alerted Deep Root Analytics, the owner of that data before going public with this exposure, Deep Root Analytics had time to secure their data and Vickery was able to alert the federal authorities.

Vickery found 1.1TB of publicly accessible data containing information on voters, this data included first and last names, dates of birth, phone numbers, home and mailing addresses and also, in the cases where voters had self-identified, racial demographics as well. Beyond all of that, it included modeled data on voters’ ethnicity and religion.

This data was in the possession of Deep Root because it was helping the Republican Nation Committee better target its 2016 campaign for the US Presidency. In 2011 Deep Root was founded, that was shortly before the 2012 Presidential election. Many of these profiles were build on information’s from the elections in 2008 and 2012. Vickery also found a folder with data relevant to the 2016 election, but it only included files for Florida and Ohio.

Deep Root wasn’t the only company contributing information to this “data warehouse.” Data from two other companies – TargetPoint Consulting and Data Trust – was also compiled in this library, so the profiles the RNC had on voters were certainly extensive.

UpGuard says, this raises “significant questions” about data security in regards to American voters. UpGuard stresses that something needs to change about the way these companies store their data, otherwise a breach will happen.

“Despite the breadth of this breach, it will doubtlessly be topped in the future — to a likely far more damaging effect — if the ethos of cyber resilience across all platforms does not become the common language of all internet-facing systems – UpGuard.

UpGuard Inc. formerly ScriptRock, is an Australian IT company based in Mountain View, California.
is a cyber resilience startup company based in Mountain View, California that determines a company’s cyber-risk factors by scanning its internal network and systems. UpGuard then creates a report on where the company can improve its cybersecurity postures.

There are no comments

Add yours