A Republican data analysis company called Deep Root Analytics left exposed an online database containing the personal information of almost all of America’s 200 million registered voters, the cyber security firm UpGuard has found.
The data contained in the breach includes an unsettling amount of personal information, including voters’ first and last names, birth dates, home and mailing addresses, phone numbers, registered party, self-reported racial demographic and voter registration status.
A Deep Root spokesman confirmed the breach in an email to HuffPost, saying, “We take full responsibility for this situation.”
The company added it is undertaking a full review of the lapse, which is believed to have begun June 1 and lasted through June 14. UpGuard Cyber Risk Analyst Chris Vickery, who found the files, notified federal authorities of the exposure.
Deep Root said it believes only Vickery accessed the database during that time.
Vickery was able to download 1.1 terabytes of “entirely unsecured” data, which uses 9.5 billion data points to describe 198 million potential U.S. voters’ likely political preferences across 48 different categories. Those categories span nearly every major political debate, including a voter’s likely stance on abortion, gun control, stem cell research and environmental issues.
The exposure of such personal data for so many voters is the largest breach of its sort.
“It is a testament both to their talents, and to the real danger of this exposure, that the results were astoundingly accurate.”
Vickery’s colleague, UpGuard reporter and analyst Dan O’Sullivan, looked himself up in the database and was taken aback by the RNC’s analyses. “It is a testament both to their talents, and to the real danger of this exposure, that the results were astoundingly accurate,” he wrote.
Most of the data appears to have originated from Republican super-Political Action Committees and other external collection firms, and not with Deep Root itself.
Large caches of text appear to have been scraped from Reddit, while other folders seem to have been named to track the origin of the data each contains. UpGuard reported that American Crossroads, the super-PAC Republican strategist Karl Rove helped start, likely contributed data, as did a company called Data Trust, which boasts a mission of “continually develop[ing] a Republican and conservative data ecosystem through voter file collection, development, and enhancement.”
Last January, Vickery found a database with 56 million records that appeared to belong to a right-wing Christian organization. In addition to more standard information like a person’s name and address, it included individual income levels, whether they donated to religious organizations, where they worked, and whether they were politically conservative.
In 2015, Vickery uncovered a database of 191 million voter records that didn’t seem to have an owner.
UpGuard notes the recent lapse also eclipses political data breaches in other countries, including those for 93.4 million Mexican voters and 55 million voters in the Philippines, both of which occurred in April 2016.