Personal data of U.S. voters exposed online
Detailed information on nearly every U.S. voter was left exposed online for two weeks by a political consultancy that works for the Republican National Committee.
Detailed information on nearly every U.S. voter — including in some cases their ethnicity, religion and views on political issues — was left exposed online for two weeks by a political consultancy that works for the Republican National Committee and other GOP clients.
The data offered a strikingly complete picture of the voting histories and political leanings of the American electorate laid out on an easily downloadable format, said cybersecurity researcher Chris Vickery. He discovered the unprotected files of 198 million voters in a routine scan of the internet last week and alerted law enforcement officials.
The precision and volume of the information, including dozens of data points on individual Republicans, Democrats and independent voters, highlights the rising sophistication of the data-mining efforts that have become central to political campaigns.
“They’re using this information to create political dossiers on individuals that are now available for anyone,” said Jeffrey Chester, executive director of the Center for Digital Democracy. “These political data firms might as well be working for the Russians.”
Voting histories
The data found by Vickery, who studies cybersecurity risk for the Silicon Valley startup UpGuard, was compiled by GOP political consultant Deep Root Analytics, based on voter lists kept by the RNC and augmented by other sources.
Deep Root did not disclose those sources, but political research firms for years have been collecting information on voters from data brokers, social media postings, polling and other contacts with voters.
The company also kept information on Americans’ voting histories and their reported enthusiasm for Trump, Vickery said. Some of the files assigned voters a score based on their views of 46 different issues ranging from immigration to trade. Nearly 170 gigabytes of the exposed data consisted of social media posts scraped from Reddit, he added.
RNC strategy exposed
Among the data are unique RNC identifiers for each voter, Vickery said. The files also potentially offered insight into party strategy for tracking and organizing voters.
“What is alarming about this now is that I believe it’s the first time RNC IDs and model data have been exposed,” said Matt Oszcowski, a veteran GOP political data strategist who has started his own political fundraising company, Campaign Inbox. “This is not just a list of people; this is unique proprietary information which gives away (Republican) strategy and informs on targeting and methodology.”
The files do not appear to include Social Security or credit card information, as has leaked in some major commercial data breaches. Nor is it clear if anyone other than Vickery gained unauthorized access to the files during the two weeks they were left without a password or other security before the problem was discovered on June 12.
The voter files found by Vickery, he said, added up to “billions of data points” that, in the wrong hands, could easily be abused.
“With this data you can target neighborhoods, individuals, people of all sorts of persuasions,” said Vickery. “I could give you the home address of every person the RNC believes voted for Trump.”