Sign up for Digg's morning newsletter The best stories of the day, in your inbox
Subscribe Now
Hide
Video Data Viz Movies and TV Real Estate Internet Culture News One Main Character Memes Relationships Gaming More Less
If You're A Registered Voter, Your Information Was Exposed In A Massive Data Breach 
THE BIGGEST KNOWN BREACH EVER
·Updated:
·

​Bad news if you're a participant in democracy: The personal information of potentially every single registered American voter was exposed by an extremely careless Republican data firm. The breach was discovered by an analyst working for the cyber resilience firm UpGuard, who found voters' "names, dates of birth, home addresses, phone numbers, and voter registration details, as well as data described as 'modeled' voter ethnicities and religions" on a publicly accessible Amazon server.

The server belonged to a Republican data firm called Deep Root Analytics, which contracted with the Republican National Committee to work for Donald Trump's campaign. UpGuard first stumbled across it a week ago.

In the early evening of June 12th, UpGuard Cyber Risk Analyst Chris Vickery discovered an open cloud repository while searching for misconfigured data sources on behalf of the Cyber Risk Team, a research unit of UpGuard devoted to finding, securing, and raising public awareness of such exposures. The data repository, an Amazon Web Services S3 bucket, lacked any protection against access. As such, anyone with an internet connection could have accessed the Republican data operation used to power Donald Trump's presidential victory, simply by navigating to a six-character Amazon subdomain: "dra-dw".

[UpGuard]


Alex Lundry, a co-founder of Deep Root Analytics, told Gizmodo that the "data was exposed after the company updated its security settings on June 1." Vickery says the server was secured shortly after he reported the unsecured server to federal authorities on June 14, which means that the data was publicly available for a period of 14 days.

Lundry told ZDNet that the firm takes "full responsibility" for the exposed data but also emphasized that a portion of the data was "publicly available."

"Deep Root Analytics has become aware that a number of files within our online storage system were accessed without our knowledge," said Lundry.

"The data that was accessed was, to the best of our knowledge proprietary information as well as voter data that is publicly available and readily provided by state government offices. Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access.

"We accept full responsibility, will continue with our investigation, and based on the information we have gathered thus far, we do not believe that our systems have been hacked," he said.

[ZDNet]


Gizmodo points out that even publicly available information can be used for nefarious purposes.

Even though voter rolls are public record and are easy to access — Ohio, for instance, makes its voter rolls available to download online — their exposure can still be harmful.

Voter registration records include ZIP codes, birthdates, and other personal information that have been crucial in research efforts to re-identify anonymous medical data. Latanya Sweeney, a professor of government and technology at Harvard University, famously used voter data to re-identify Massachusetts Governor William Weld from information in anonymous hospital discharge records. 

[Gizmodo]


What's more, the "proprietary information" in the breach includes predictions about what voters believe about particular issues, and Deep Root Analytics may even have attempted to match Reddit users to their voter registration records.

[T]he records include advanced sentiment analyses used by political groups to predict where individual voters fall on hot-button issues such as gun ownership, stem cell research, and the right to abortion, as well as suspected religious affiliation and ethnicity. The data was amassed from a variety of sources—from the banned subreddit r/fatpeoplehate to American Crossroads, the super PAC co-founded by former White House strategist Karl Rove.

[Gizmodo]


The breach isn't the first time data about American voters has been exposed, but it is the biggest known voter-related breach, affecting 61% of the entire US population.

The Deep Root incident represents the largest known leak of Americans' voter records, outstripping past exposures by several million records. Five voter-file leaks over the past 18 months exposed between 350,000 and 191 million files, some of which paired voter data—name, race, gender, birthdate, address, phone number, party affiliation, etc.—with email accounts, social media profiles, and records of gun ownership.

[Gizmodo]

Want more stories like this?

Every day we send an email with the top stories from Digg.

Subscribe