Insights & Analyses

198 million US voter identities may have been exposed in massive security breach

In a potentially major data breach, a security researcher found that personal information of some 198 million U.S. voters, including ethnicity, religion and political preferences, was stored on an exposed server.

Republican data analytics firm Deep Root Analytics housed the data on an Amazon S3 server, where it was accessed by UpGuard analyst Chris Vickery. Deep Root was alerted to the flaw and it was patched prior to upGuard’s publication, but it’s unclear how many, if any, accessed the data before the server was fixed.

In a statement to ZDNet, Deep Root cofounder Alex Lundry said a “number of files” on the server were accessed without the company’s permission.

“The data that was accessed was, to the best of our knowledge, proprietary information, as well as voter data that is publicly available and readily provided by state government offices,” Lundry said. “Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access. We accept full responsibility, will continue with our investigation, and based on the information we have gathered thus far, we do not believe that our systems have been hacked.”

Deep Root’s exposed information includes files from The Data Trust, which was created by the Republican Party to cultivate conservative data through voter file collection, development and enhancement.

The unsecured server hosted spreadsheets with GOP voters identified with names and unique identifiers from the 2008, 2012 and 2016 presidential elections. Data included name, date of birth, home address, phone number, and registration details. Profiling information was also included in an effort to predict the voting patterns of party members.

Big data has become a major focus in politics, embraced by Barack Obama in his two successful elections, and then last year by Donald Trump in his electoral college victory.

Trump, in particular, leveraged a database of 220 million people called “Project Alamo,” which was used to place tens of thousands of ad variants per day on social networks like Facebook.