Advertisement

GOP-hired data company leaked information on 198 million citizens

The data was stored on a publicly accessible Amazon server.

Data from the largely conservative Deep Root Analytics, a company that strategizes how to target audiences for political advertisements, was exposed this month. Information on nearly 200 million US citizens, over 60 percent of the population, was contained in the leak.

Discovered by an analyst with the cybersecurity company UpGuard, the data was stored on a publicly accessible Amazon server. More than a terabyte of that data was not password protected. The data included citizens' contact information, addresses, birthdays, and analyses used to predict how they felt about controversial political topics like gun control and abortion.

The Republican National Committee paid Deep Root nearly a million dollars last year for their work during the election. While some of the data came from Deep Root itself, a lot of it was aggregated from outside sources such as other data firms, Republican super PACs, and even Reddit. One subreddit the company compiled data from was the now banned r/fatpeoplehate, which according to FiveThirtyEight is where a lot of r/The_Donald subreddit members spent time when not discussing politics.

The exposure occurred when Deep Root updated its security settings at the beginning of the month and the company has hired a cybersecurity firm to investigate the issue. But the company doesn't think any malicious parties accessed the data during the 12 days that it was exposed. In a statement, Deep Root said, "Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access."

"While the scale and significance of this data exposure is nearly unprecedented, misconfigurations of the type that rendered the database public are not. With cyber risk increasingly endemic on all digital platforms, this exposure is a reminder that we must all begin fostering cyber resilience, or risk a future of these kinds of breaches," said UpGuard in a statement.