A marketing firm hired by the Republican National Committee stored personal information gathered on more than 198 million U.S. voters on a publicly accessible server.
Chris Vickery, a cyber risk analyst for “cyber resilience” company Upguard, discovered the unsecured database last week.
Republican analytics firm Deep Root Analytics on Friday confirmed to Gizmodo that it owned the voter data, which was stored on an unprotected Amazon server and accessible to anybody with the database’s web address.
The data leak contains a wealth of personal information on roughly 61 percent of the US population. Along with home addresses, birthdates, and phone numbers, the records include advanced sentiment analyses used by political groups to predict where individual voters fall on hot-button issues such as gun ownership, stem cell research, and the right to abortion, as well as suspected religious affiliation and ethnicity. The data was amassed from a variety of sources—from the banned subreddit r/fatpeoplehate to American Crossroads, the super PAC co-founded by former White House strategist Karl Rove.
The Deep Root incident represents the largest known leak of Americans’ voter records, outstripping past exposures by several million records. Five voter-file leaks over the past 18 months exposed between 350,000 and 191 million files, some of which paired voter data—name, race, gender, birthdate, address, phone number, party affiliation, etc.—with email accounts, social media profiles, and records of gun ownership.