Anyone with an internet connection was able to access a huge database of personal information on US voters ahead of 2016 elections, a security firm says. The database helped the Republican Party's presidential campaign.
A data analytics firm that helped US President Donald Trump's election campaign exposed personal information on 198 million Americans, a security firm revealed on Monday.
Chris Vickery, a researcher at the consultancy Upguard, discovered a misconfigured database containing information on almost every registered US voter compiled by data analytics company Deep Root Analytics.
The information was used by the Republican National Committee to help win the 2016 presidential race.
The database contained "names, dates of birth, home addresses, phone numbers, and voter registration details," as well as data described as predicted data about voter behavior on policy preferences and likelihood of choosing a particular candidate.
Upguard said the database "lacked any protection against access" and was available to "anyone with an internet connection."
It described it as "a treasure trove of political data and modeled preferences used by the Trump campaign." It said the information was used to help influence potential voters and accurately predict their behavior.
Deep Root takes responsibility
Deep Root released statements confirming that files were accessed without its knowledge.
"The data that was accessed was, to the best of our knowledge, this proprietary information as well as voter data that is publicly available and readily provided by state government offices," the statement said.
"Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access. We take full responsibility for this situation."
"We do not believe that our systems have been hacked. To date, the only entity that we are aware of that had access to the data was Chris Vickery," it added.
Data breach hunter
Analyst Chris Vickery, a self-described "data-breach hunter," last year discovered a breach of 191 million voter records in Mexico. Upguard said the latest leak was the largest known breach of voter data in history, with the equivalent of 10 billion pages of text.
It said the database modeled voters' position on almost 50 different issues with the files offering insights into the algorithmic strategy used by Trump's campaign to target voters.
The exposure "raises significant questions about the privacy and security Americans can expect for their most privileged information," the researchers said.
"It also comes at a time when the integrity of the US electoral process has been tested by a series of cyberassaults against state voter databases, sparking concern that cyber risk could increasingly pose a threat to our most important democratic and governmental institutions."