The personal details of close to 200 million registered U.S. voters were exposed due to a misconfigured database. A Republican National Committee-funded data firm, Deep Root Analytics, stored the information on an unsecured cloud server.
It is not clear how long the information was unsecured. A researcher at security firm UpGuard stumbled upon the 1.1 terabytes of personal information and modeled data last week. The researcher, Chris Vickery, downloaded all of the accessible data and then notified federal authorities. Deep Root quickly secured the information after learning of the situation.
Political Campaigns Use Big Data to Gain an Edge
Political campaigns have used big data in the last 10 years to gain an edge on their opponents. Campaigns can now upload email addresses of their supporters and Facebook will match them with user accounts. This allows campaigns to buy extremely targeted ads that only a select group ever sees.
Firms like Deep Root gather as much information as they can about voters so that campaigns know what ads will be most effective. Firms can predict a person’s stance on political issues by analyzing thousands of data points about that person. These data points include what people have liked and followed on Facebook, as well as other online activity that data firms track.
Data firms do not have access to who a person voted for in an election, but they do know whether you vote or not, your party affiliation, and basic information like phone number and address. With more and more companies gathering and selling information, firms like Deep Root have collected and organized massive amounts of data.
What Deep Root Learned About Voters
Vickery discovered data going back through the 2008 election. Each state had a .csv file (which is a way of storing tabular data) with various categories that show the breadth of information that Deep Root had gathered.
Categories like “Modeled Religion,” “Birth Year,” and “Self-Reported Demographic” show how Deep Root tracked various aspects of voters. The files contain a blend of factual information and modeled data that attempts to predict a person’s stance on various issues.
One of Vickery’s colleagues, Dan O’Sullivan, looked himself up in the files and admitted that the firm accurately predicted his political stances on a variety of issues. Anyone who accessed the information could have downloaded a trove of information about the majority of American voters.
The Fallout
Deep Root has secured the information and taken responsibility for the breach. No one knows if anyone besides Vickery accessed the information by visiting the unsecured server.
This incident shows how combining sophisticated data gathering methods with lax security can lead to major breaches. This will certainly not be the last data breach, but for the time being, it’s one of the biggest and most significant.