Information on more than 198 Million United States citizens, that's over 60% of the US population, was exposed in what's believed to be the largest ever known exposure of voter-related to date.
This blunder was caused by Deep Root Analytics (DRA)
, a data analytics firm employed by the US Republican National Committee (RNC), who "mistakenly" left sensitive personal details of more than 198 million US voters exposed on an unsecured Amazon S3 server.
Chris Vickery, a security researcher at UpGuard, who discovered
the exposed database said anyone could have downloaded more than a Terabytes of files containing voters data without the need for any password from the Amazon S3 server maintained by DRA.
Vickery is the same security researcher who discovered over 191 million voter records
stored in an unsecured database in late 2015. In April, Vickey also reported information on 93 million Mexican voters.
Vickery discovered the exposed databases on June 12, which included uniquely identified data on each voter, including their first and last name, date of birth, phone number, home and mailing address, party affiliation, voter registration data, and ethnicity, along with a flag should the person appear on the federal Do-Not-Call registry.
Deep Root Analytics, which is a big data analytics firm that helps advertisers identify audiences for political ads, confirmed
to the Gizmodo in a statement on Monday, saying "We take full responsibility for this situation.
However, the server was secured two days later after Vickery responsibly reported the blunder to the federal regulators.
You would be surprised to know that the Republican National Committee paid Deep Root nearly a Million dollars between January 2015 and November 2016 for their work during the election and another $4.2 Million to TargetPoint.
It is believed that the US voters data was also compiled by at least two other contractors, TargetPoint Consulting Inc. and Data Trust.
According to the report, a smaller folder for the 2016 election included in the database contained files for Ohio and Florida, arguably the two most crucial battleground states.
Another folder named 'data_trust' appears to reference Data Trust, was entirely downloadable by any individual accessing the URL of the database and contained two massive stores of personal information collectively representing 198 million potential voters.
"Consisting primarily of two file repositories, a 256 GB folder for the 2008 presidential election and a 233 GB folder for 2012, each containing fifty-one files - one for every state, as well as the District of Columbia," explained UpGuard's Dan O'Sullivan in a blog post.
Also, one folder called "Post-Elect 2016" contained information on voters’ likely views about topics like whether they voted for former President Barack Obama and US President Donald Trump’s "America First" foreign policy.
Deep Root has contracted a security firm, Stroz Friedberg, to perform a thorough investigation of the data exposure.