A data analytics firm hired by the Republican National Committee last year to gather political information about US voters accidentally leaked the sensitive personal details of roughly 198 million US citizens earlier this month, as its database was left exposed on the open web for nearly two weeks. Deep Root Analytics, a conservative data firm contracted by the RNC as part of a push to ramp up its voter analytics operation in the wake of Mitt Romney’s defeat in the 2012 presidential election, stored details about approximately 61% of the US population on an Amazon cloud server without password protection for those two weeks.
Gizmodo first reported the leak, which was discovered by UpGuard cyber risk analyst Chris Vickery. “I find data breach situations like this all day long, every day,” Vickery told Business Insider on Monday. “Companies don’t realize their employees are cutting corners, and mistakes get made. It’s an absolute epidemic.”
The data, according to UpGuard’s analysis, “included 1.1 terabytes of entirely unsecured personal information compiled by Deep Root Analytics and at least two other Republican contractors, TargetPoint Consulting, Inc. and Data Trust. In total, the personal information of potentially near all of America’s 200 million registered voters was exposed, including names, dates of birth, home addresses, phone numbers, and voter registration details, as well as data described as ‘modeled’ voter ethnicities and religions.”