Unsecured Data Warehouse Exposed Almost All American Voters To Risk
It has been confirmed that a Republican National Committee contractor has accidentally exposed the personal data of nearly 200 million Americans to risk.
On June 12, a researcher for UpGuard, Chris Vickery, discovered an unsecured Amazon S3 bucket maintained by a Republican-affiliated data analytics firm. Deep Root Analytics is a data analytics firm that helped the RNC target political advertisements and get out the vote efforts.
In total, there were more than 1 TB of data that contained addresses, phone numbers, birthdates, and political information relating to more than 60 percent of the U.S. population. In terms of registered voters, this collection included data on nearly the entire voting population, as 200 million people were registered to vote in the 2016 elections.
Aside from the personal information, the data warehouse also included information on citizens' religious affiliation, ethnicity, and stance on controversial political issues. Data collection is part of any political campaign, but the sheer scale of these efforts are bound to raise concerns among privacy advocates.
"This is deeply troubling," Privacy International's policy officer Frederike Kaltheuner told BBC. "This is not just sensitive, it's intimate information, predictions about people's behaviour, opinions and beliefs that people have never decided to disclose to anyone."
Deep Root Analytics' cofounder Alex Lundry has apologized for the lax security and has said that he does not believe their organization's data were hacked.
The data were collected from a wide range of sources such as forum threads, social networks, and organizations involved with the Republican Party. The goal of this operation was to give the GOP as much information as possible regarding voters. In that sense, it worked since such data were at the heart of Donald Trump's electoral victory.
Unsecured Data Warehouse
The problem is that these data were stored in an unsecured location that could be accessed by anyone with an internet browser. There wasn't even a simple password system in place. All it took to access this information was navigating to the Amazon sub-domain "dra-dw." The domain name was later determined to stand for "Deep Root Analytics Data Warehouse." A data warehouse is a term used to describe a large collection of data meant for analytical purposes.
The fact that this kind of data was left unsecured is yet another reminder that the election might be over, but the consequences will live on regardless of one's political leanings.
Eric Brackett Tech Times editor Eric Brackett is a tech junkie and a gamer, covering science and technology. Follow him on Facebook and Twitter for updates and his random thoughts on the latest trends in gaming, tech, and comic books.