A data analysis contractor hired by the Republican National Committee left the personal information of 198 million registered voters exposed on a publicly accessible Amazon server, a new Gizmodo report reveals.
Researcher and analyst Chris Vickery, who works for security firm UpGuard, discovered the database, owned by Deep Root Analytics, which contains a wealth of data on each individual voter collated from a range of sources, from super PAC research to Reddit communities. All in, 25 terabytes of data was available to read on the open internet, with 1.1 terabytes of that available to download.
“In terms of the disc space used, this is the biggest exposure I’ve found. In terms of the scope and depth, this is the biggest one I’ve found,” Vickery told Gizmodo.
Files included names, addresses, and phone numbers for more than half of all Americans. Deep Roots Analytics assigned each person an “RNC ID” that correlated that voter’s profile to other data on the person’s policy stances and preferences on a range of issues—such as gun ownership, abortion, and religion. One research analyst with UpGuard carried out a search of himself on the available database information, finding that the results were “astoundingly accurate.”
Although Deep Root Analytics did not gather the data, the company confirmed their ownership of it in a statement to Gizmodo on Friday.
“We take full responsibility for this situation,” the firm’s founder, Alex Lundry, said. “Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access.”
The incident raises serious questions for the company about data security and, more broadly, about the role of complex data ecosystems utilized in political campaigns for voter targeting.
The RNC spent $983,000 between January 2015 and November 2016 on the Deep Root contract, according to Ad Age, and an extra $4.2 million on similar services delivered by another firm, TargetPoint.