American voter data left unsecured on Internet

Data on 198 million potential American voters was left exposed on the Internet without a password by a contractor for the US Republican National Committee, a researcher has found.

The exposed databases were part of a 25TB bunch of files in an Amazon Cloud account belonging to the data analytics firm Deep Root Analytics.

The account was found by Upguard employee Chris Vickery, who regularly discovers such caches online. But he told The Hill that this discovery was much bigger than any he has seen before.

"In terms of the disk space used, this is the biggest exposure I've found. In terms of the scope and depth, this is the biggest one I've found," Vickery said. The files had a 198 million-entry database containing names and addresses plus an "RNC ID" that could be used, in conjunction with other exposed files, to research individuals.

As an example, The Hill cited a 50GB file of "Post Elect 2016" information, last updated in mid-January. It had modelled data about a voter's likely positions on 46 different issues ranging from "how likely it is the individual voted for Obama in 2012, whether they agree with the Trump foreign policy of 'America First' and how likely they are to be concerned with auto manufacturing as an issue, among others".

In its analysis of the discovery, Upguard wrote: "The data, which was stored in a publicly accessible cloud server owned by Republican data firm Deep Root Analytics, included 1.1 terabytes of entirely unsecured personal information compiled by DRA and at least two other Republican contractors, TargetPoint Consulting and Data Trust.

"In total, the personal information of potentially near all of America’s 200 million registered voters was exposed, including names, dates of birth, home addresses, phone numbers, and voter registration details, as well as data described as 'modelled' voter ethnicities and religions."

Upguard said Vickery had found the database on 12 June, "while searching for misconfigured data sources on behalf of the Cyber Risk Team, a research unit of UpGuard devoted to finding, securing, and raising public awareness of such exposures".

It said that payments by the RNC to two of the companies totalled more than US$5 million. "Between January 2015 and November 2016, the RNC paid TargetPoint US$4.2 million for data services, and gave Causeway around US$500,000 in that time, according to Federal Election Commission reports. Deep Root, acting as Needle Drop, was paid US$983,000 by the RNC."

Upguard said the exposure raised serious questions about the level of privacy and security that Americans could expect for their most privileged information.

"It also comes at a time when the integrity of the US electoral process has been tested by a series of cyber assaults against state voter databases, sparking concern that cyber risk could increasingly pose a threat to our most important democratic and governmental institutions."

Commenting on the incident, Forcepoint chief executive Matt Moynahan said: "The accidental data leakage of 200 million American voter records is the latest example of an unfortunate but sobering reality – more often than not, data breaches are caused not by malicious hackers but by inadvertent errors made by employees.

"Regardless of whether organisations are securing data using on-premises or cloud-based technology, like in the case of Deep Root Analytics, organisations need to balance protecting privacy and understanding how their employees interact with critical business data and intellectual property.

"They should look at people and protect against those behaviours that could result in the loss of valuable data or IP. Governments and corporations would make sustainable progress against these sorts of breaches only with a blend of human-centric security technologies, policies, cultural changes and intelligent systems that can observe cyber behaviour and decipher intent."


Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

 
