Confidential personal information related to nearly 200 million US citizens have been leaked by chance by a marketing company signed up by the Republican National Committee.
The 1.1 terabytes of data contains date of birth, Residential addresses, telephone numbers and governmental aspects of almost 62% of the whole US population.
The information was accessible on a publicly approachable Amazon cloud server.
Everyone could get that data since they had a link to it.
Political partiality exposed
The massive cache of data was found last week by Chris Vickery, a cyber-risk investigator with security firm UpGuard. The news looks like to h ave been gathered from a wide range of sources – from report questionable banned threads on the social media Reddit, to committees that raised funds for the Republican Party.
The news was saved in spreadsheets transmitted to a server possessed by Deep Root Analytics. It was updated in January when President Donald Trump was introduced and had been online for an unexplained duration of time.
“We take full responsibility for this situation. Based on the information we have gathered thus far, we do not believe that our systems have been hacked,” Deep Root Analytics’ founder Alex Lundry told technology website Gizmodo.
“Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access.”
Other than personal informations, the data also included citizens doubtful spiritual connections, ethnicities and governmental favoritism.
The name of the file and directories pointed that the information was intended to be used by powerful Republican political organizations. The thought was to attempt to make a profile on as many voters as possible applying all accessible information , if any answer could not be found, some of the fields in the spreadsheets were kept vacant.
“That such an enormous national database could be created and hosted online, missing even the simplest of protections against the data being publicly accessible, is troubling,” Dan O’Sullivan wrote in a blog post on Upguard’s website.
“The ability to collect such information and store it insecurely further calls into question the responsibilities owed by private corporations and political campaigns to those citizens targeted by increasingly high-powered data analytics operations.”
Even though it is known that political parties regularly collect data on voters, this is the largest violation of electoral data in the US to date and privacy specialists are worried about the sheer extent of the data collected.
“This is deeply troubling. This is not just sensitive, it’s intimate information, predictions about people’s behavior, opinions and beliefs that people have never decided to disclose to anyone,” Privacy International’s policy officer Frederike Kaltheuner told the BBC News website.
However, the matter of information collection and using computer design to forecast voter attitude is not just restricted to marketing companies – Privacy International says that the whole online promoting ecosystem conducts in the same way.
“It is a threat to the way democracy works. The GOP [Republican Party] relied on publicly-collected, commercially-provided information. Nobody would have realized that the data they entrusted to one organization would end up in a database used to target them politically.
“You should be in charge of what is happening to your data, who can use it and for what purposes,” Ms Kaltheuner added.
There are concern that exposed information can freely be used for horrible intentions, from identity theft to molestation of people under security arrangements, or to frighten people who hold an rival political aspect.
“The potential for this type of data being made available publicly and on the dark web is extremely high,” Paul Fletcher, a cyber-security evangelist at security firm Alert Logic told the BBC.