GOP Data Firm Exposes Info Gathered on 198M Americans


UpGuard reported that American Crossroads, the super-PAC Republican strategist Karl Rove helped start, likely contributed data, as did a company called Data Trust, which boasts a mission of "continually develop [ing] a Republican and conservative data ecosystem through voter file collection, development, and enhancement". (It has since been secured, per the Hill.) In a post about the discovery Monday, UpGuard calls it "the largest known data exposure of its kind", pointing out that the data covers nearly all of the 200 million registered voters in the US. Among the personal contact information found on the insecure server were how individual voters felt about certain hot button issues such as stem cell research, gun ownership, and abortion. He said the data included proprietary information as well as publicly available voter data provided by state government officials.

More than a terabyte of information was publicly accessible.

The problem for nearly all of the country's 200 million voters - across the political spectrum - arose out of a "misconfigured database", according to Mountain View's UpGuard, which discovered the security breach by Virginia's Deep Root Analytics.

Researchers say a massive, unsecured Amazon Web Services database containing information on almost 200 million people was the work of a consulting company hired by the US Republican National Committee. UpGuard speculates that the folder may imply that the firm TargetPoint compiled and shared the data with Deep Root.

In a statement to ZDNet, Deep Root cofounder Alex Lundry said a "number of files" on the server were accessed without the company's permission.

According to Lundry, the voter modeling information that was also contained on the server was used to "enhance advertiser understanding of TV viewership".

Deep Root Analytics says its doesn't believe any malicious third party obtained the information, but it has hired a digital forensics team to investigate. Previously, 191 million records were exposed by data company i360. While Deep Root Analytics told Gizmodo that their data was not intended for any particular client, the telling fact remains that they were contracted by the GOP for $983,000 a year ago and by and large the firm works predominately with conservative groups.

The records were exposed to anyone who knew rudimentary search techniques, said UpGuard, a Mountain View, California, cybersecurity firm, but the records have since been secured again.

Privacy experts expressed alarm over the breach, which they said shows how deeply personal data has become integrated into the modern political campaign.

Gizmodo reports that Deep Root has accepted full responsibility for the oversight and corrected the issue, adding multiple layers of security to the data. "The campaigns that do it right combine all the available data together to make the most robust model for every single voter in the target universe".

As you can understand, we can't comment on much here as we are not at liberty to discuss the details of work on behalf of any entity that might be a client, nor provide specifics of our proprietary data and analysis.