Sensitive personal details of nearly 200 million Americans have been exposed online due to an error by a marketing and analytics firm operating on behalf of the Republican National Committee (RNC). Political opinions of the millions affected were also revealed.
The 198 million people affected constitute around 60 percent of the country’s population.
Home addresses, dates of birth and phone numbers were exposed, along with political voting preferences, after the company stored internal documents on an Amazon cloud server accessible by the public.
Banned Reddit threads
Chris Vickery, a cyber-risk analyst with security firm UpGuard, discovered the 1.1 terabytes of data recently.
The sources from which the data came were huge in number and variety, and appear to include posts on banned Reddit threads, as well information collected by Republican Party fund-raising committees.
The information was contained on spreadsheets uploaded to a server owned by Deep Root Analytics, whose founder Alex Lundry told Gizmodo:
“We take full responsibility for this situation. Based on the information we have gathered thus far, we do not believe that our systems have been hacked.”
He added that access settings have now been updated to prevent easy public access to the data.
Gun control and religious associations
Along with personal details, religious associations were displayed among the data. Political opinions revealed were on many subjects, including on issues like gun control and abortion.
The company involved was, it appears, supposed to be helping Republican political organizations to build voter profiles.
“That such an enormous national database could be created and hosted online, missing even the simplest of protections against the data being publicly accessible, is troubling,” Dan O’Sullivan wrote in a blog post on Upguard’s website.
“The ability to collect such information and store it insecurely further calls into question the responsibilities owed by private corporations and political campaigns to those citizens targeted by increasingly high-powered data analytics operations.”
A threat to democracy
“This is not just sensitive, it’s intimate information, predictions about people’s behavior, opinions and beliefs that people have never decided to disclose to anyone,” Privacy International’s policy officer Frederike Kaltheuner told the BBC News website.
He suggest that the problem could even represent a threat to the workings of democracy.
Kaltheuner notes that individuals would not have been aware the data they trusted certain organizations with would find its way onto a database the purpose of which was to build political profiles.
The kind of information stored is not unusual, and this sort of behavior would be expected from any campaign by either the Democrats or the Republicans. However, the fact that it is a vast collection all stored in one place, and was so easily accessible, is concerning.
A goldmine for criminals
As well as being potentially troubling for any individual whose name and opinions were revealed to be on the list, access to such data could be used for criminal purposes.
Identity theft and stalking are potential threats, as is the possibility of the data being used for social engineering, such as convincing companies to reveal even greater amounts of sensitive data.
Data on the public’s opinions, interests and preferences are highly valuable to commercial organizations as well as political ones. With so much data now accessible it is inevitable that organizations will try to get their hands on as much of it as possible.
This may be a little unethical, and using the data to then further whatever aims they have perhaps a little more so. Nevertheless, it’s something most of us have come to grudgingly accept.
Exposing the data to the general public and potentially to criminals, though, is without doubt unacceptable.