A data firm working for Republican clients, including the Republican National Committee, left databases containing the personal information of more than 198 million voters exposed on an unsecure Amazon cloud server, a cyber company discovered.
Chris Vickery, a cyber risk analyst for UpGuard, came across the data, which includes the names, birth dates, home addresses, phone numbers and voter registration information belonging to nearly all 200 million people registered to vote in the U.S.
The database also contacted a 50-gigabyte file containing modeled data on a voter's position on 46 different issues, including how likely it is the voter supported Obama in 2012, whether they agreed with President Trump's "America First" foreign policy and how likely they were to be concerned with auto manufacturing as an issue, for example.
The data was stored on a server belonging to Deep Root Analytics, which compiled the information with two other RNC contractors, TargetPoint Consulting and Data Trust.
Deep Root Analytics also works with many other Republican groups and the RNC said it only had a small contract with the company. No proprietary data from the RNC was left unsecured and the data that was left unsecured did not belong to the RNC.
Information also stored in the same data repository, but not available to the public, came from American Crossroads, a super PAC co-founded by Karl Rove and a banned subreddit.
UpGuard said 1.1 terabytes of data was stored on the Amazon cloud server without any password protection.
Vickery discovered the data June 12 while searching for misconfigured data sources. The server was then secured June 14 after he notified law enforcement of his findings.
"This disclosure dwarfs previous breaches of electoral data in Mexico (also discovered by Vickery) and the Philippines by well over 100 million more affected individuals, exposing the personal information of over 61 percent of the entire US population," UpGuard said.
The database discovered by UpGuard includes the names and addresses of voters, including an "RNC ID" the company used alongside other files to piece together information on voters by name.
UpGuard analyst Dan O'Sullivan looked himself up to verify the information compiled, and found its accuracy was "a testament both to their talents and to the real dangers of this exposure."