Firm contracted by RNC left millions of voter files unsecured online
Go Deeper.
Create an account or log in to save stories.
Like this?
Thanks for liking this story! We have added it to a list of your favorite stories.
Updated at 11:30 a.m. ET
So it seems that it's not only Democrats who have trouble keeping their digital information secure online. An extensive database of information about 198 million Americans collected by a contractor hired by Republican groups was obtained by a security researcher, who found it on an Amazon server, with not even a single password protecting it.
The data included home addresses, birth dates and phone numbers of voters from both parties. It was discovered by Chris Vickery, a cyber-risk analyst with the firm UpGuard.
The data was compiled by Deep Root Analytics, which advises campaigns on political TV advertising and was contracted by the Republican National Committee, and other GOP groups. In a statement to NPR, Deep Root said since being made aware of the data breach, it has updated the access settings and put protocols in place to prevent further access. The company said it had last evaluated and updated its security settings on June 1, suggesting that access settings were changed later. "We accept full responsibility, will continue with our investigation, and based on the information we have gathered thus far, we do not believe that our systems have been hacked," the company said in a statement, adding that Vickery was "the only entity that we are aware of that had access to the data."
Turn Up Your Support
MPR News helps you turn down the noise and build shared understanding. Turn up your support for this public resource and keep trusted journalism accessible to all.
The unprotected data included information on voters' positions on issues from gun ownership to abortion as well as religious affiliation and ethnicity. It was amassed from public sources as well as less public ones, which Gizmodo reported ranged from "the banned subreddit r/fatpeoplehate to American Crossroads, the super PAC co-founded by former White House strategist Karl Rove."
Cybersecurity played a big role in the 2016 presidential campaign — with Republicans mostly pointing fingers at Democrats. The hacking of emails from the DNC and Clinton campaign manager John Podesta became a major pre-election controversy. Intelligence officials blamed the hacking on Russia, and it indirectly set in motion the current investigation of Russian meddling into the 2016 election and possible Trump campaign officials' ties to Russia.
Then-candidate Trump made an issue of the DNCs hacks, tweeting, "Gross negligence by the Democratic National Committee allowed hacking to take place. The Republican national committee had strong defense!"
Well, maybe not as strong as Trump thought.
In January, then-FBI Director James Comey testified there had been "penetration on the Republican side of the aisle and old Republican National Committee domains," but he said none of those emails had been released. He said then there was no evidence that the current RNC or the Trump campaign had been hacked.
It may just prove that in the digital age there are two types of people, those who have had their data hacked, and those who haven't had their data hacked — yet. Copyright 2019 NPR. To see more, visit https://www.npr.org.
Clarification (2017-06-20 04:00:00 UTC):
We have updated this story to make clear that the exposed data belonged to the company Deep Root, not the Republican National Committee, and that Deep Root had been contracted not just by the RNC, but also by other Republican groups.