14 DAY TRIAL // Personal details of more than 198 million American voters were exposed to hackers due to a misconfigured database operated by a contractor of the US Republican Party.
Security company UpGuard discovered that information of nearly 62 percent of the United States population was available to anyone holding the link to the Amazon cloud server where all the data was stored. The company in charge of managing the data is Deep Root Analytics, who used the voter information during the presidential campaign of Donald Trump.
UpGuard explains in an in-depth analysis that two other companies are also believed to have contributed to the database, including TargetPoint Consulting and Data Trust, the first of which was involved in the presidential campaign of George W. Bush in 2004.
“TargetPoint is a trusted and well-established authority on data operations within conservative political circles, having worked in the past on Rudy Giuliani’s 2008 presidential bid, the 2008 McCain/Palin campaign, and the National Republican Senatorial Committee’s reelection efforts,” the analysis notes.
198 million Americans exposed
The exposed information was stored on the Amazon Web Services S3 bucket and included details like name, home address, phone number, date of birth, voter registration status, political views, and even race and ethnicity. Deep Root Analytics says there’s no evidence of a hack and claims the problem has already been addressed, with data no longer available with a link to the database.
“We take full responsibility for this situation. Based on the information we have gathered thus far, we do not believe that our systems have been hacked. Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access,” a statement provided by the company reads.
On the other hand, UpGuard, who says it discovered the data on June 12, reveals that security researcher Chris Vickery managed to download 1.1 TB of publicly accessible files with two different directors called data_trust and target_point.
“Among these files were clear indications of the repository’s political importance, with file directories named for a number of high-powered and influential Republican political organizations. As such, the exposed Deep Root Analytics warehouse contained a remarkable amount of fully accessible data,” UpGuard explains.