Tech

Nearly 200 million U.S. voters exposed by leaky Amazon database

This is believed to be the largest-ever leak of voter records in history.

Photo of David Gilmour

David Gilmour

Donald Trump Voter

A data analysis contractor hired by the Republican National Committee left the personal information of 198 million registered voters exposed on a publicly accessible Amazon server, a new Gizmodo report reveals.

Featured Video

Researcher and analyst Chris Vickery, who works for security firm UpGuard, discovered the database, owned by Deep Root Analytics, which contains a wealth of data on each individual voter collated from a range of sources, from super PAC research to Reddit communities. All in, 25 terabytes of data was available to read on the open internet, with 1.1 terabytes of that available to download.

“In terms of the disc space used, this is the biggest exposure I’ve found. In terms of the scope and depth, this is the biggest one I’ve found,” Vickery told Gizmodo.

Files included names, addresses, and phone numbers for more than half of all Americans. Deep Roots Analytics assigned each person an “RNC ID” that correlated that voter’s profile to other data on the person’s policy stances and preferences on a range of issues—such as gun ownership, abortion, and religion. One research analyst with UpGuard carried out a search of himself on the available database information, finding that the results were “astoundingly accurate.”

Advertisement

Although Deep Root Analytics did not gather the data, the company confirmed their ownership of it in a statement to Gizmodo on Friday.

“We take full responsibility for this situation,” the firm’s founder, Alex Lundry, said. “Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access.”

The incident raises serious questions for the company about data security and, more broadly, about the role of complex data ecosystems utilized in political campaigns for voter targeting.

The RNC spent $983,000 between January 2015 and November 2016 on the Deep Root contract, according to Ad Age, and an extra $4.2 million on similar services delivered by another firm, TargetPoint.

Advertisement
 
The Daily Dot