A marketing firm that was employed by the Republican National Committee accidentally exposed data belonging to 200 million US citizens. That is around 62% of the entire population of the US. The exposed data includes information like home addresses, political views, phone numbers and even birthdays. All of it is available publicly – The said data was found exposed on one of Amazon cloud servers that anyone could access, provided that they had a link to it.
The data was found by one of the UpGuard’s analysts, Chris Vickery. Vickery stumbled upon it last week and the current estimate is that the data in question was collected from several different sources. Some of them are even Reddit posts, while others are Republican Party’s fund-raising committees.
Deep Root Analytics owns the server that data was found on. According to current reports, it was last updated in January around Donald Trump’s inauguration.
Alex Lundry, founder of Deep Root Analytics has also given a statement. In it, he claims that their systems were not hacked, but that the company will still take full responsibility for this situation. He also said that multiple protocols and settings were modified as soon as this incident came to their attention.
In a conversation with Gizmodo Lundry said that:
“We take full responsibility for this situation. Based on the information we have gathered thus far, we do not believe that our systems have been hacked.”
The data itself contained a lot of personal information, but it also included suspected religious affiliations of the citizens and even some political biases and ethnicities. For example, their thoughts about stem cell research, a right to abortion, or gun control were also found in this data packet.
It is believed that this data would be used by the Republicans, at least according to some of the file names. This data is probably part of major profile creation operation from the time when voters were studied and profiled by using whatever data was available.
Many have found it troubling and not only the fact that this data exists but also how poorly it was protected. Still, both private corporations, as well as political campaigns are held responsible for such a data loss. Also, this is further proof of how much of a target the citizens are when it comes to data analytics operations.
It was not a secret that the data concerning voters is often collected and studied by different political parties. However, this goes far beyond that, and it could be the largest data breach connected to the elections that have ever happened.
Many have found it extremely troubling because this data isn’t only sensitive. Some of it can even be called intimate info. This includes the people’s opinions, beliefs, as well as behavior predictions.
The bigger picture, however, is that this is not an isolated incident, but only a part of a bigger problem. The entire marketing firms and the whole advertising ecosystem operates in this way as well. Some even see it as a pure threat to democracy. Not many people understand just how much of their data are they giving away.
A lot of this data can be misused and there is a general fear about that. Harassment, identity thefts, and frauds are only some of them. Even blackmailing can come as a result of this. The worst thing is that you can never know who has such data and there is also a chance that it can appear on the dark web. If so, it would be publicly available, and probably up for sale.
DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.