Political data gathered on more than 198 million US citizens was exposed.
This month a marketing firm contracted by the Republican National Committee stored internal personal and political data on a publicly accessible Amazon server.
The data leak contains a wealth of personal information on roughly 61 percent of the US population. Along with home addresses, birthdates, and phone numbers, the records include advanced sentiment analyses used by political groups to predict where individual voters fall on hot-button issues such as gun ownership, stem cell research, and the right to abortion, as well as suspected religious affiliation, and ethnicity. Deep Root Analytics, a conservative data firm that identifies audiences for political ads, confirmed ownership of the data to Gizmodo on Friday.
UpGuard cyber risk analyst Chris Vickery discovered Deep Root’s data online last week. More than a terabyte was stored on the cloud server without the protection of a password and could be accessed by anyone who found the URL. Many of the files did not originate at Deep Root, but are instead the aggregate of outside data firms and Republican super PACs, shedding light onto the increasingly advanced data ecosystem that helped propel President Donald Trump’s slim margins in key swing states.Although files possessed by Deep Root would be typical in any campaign, Republican or Democratic, experts say its exposure in a single open database raises significant privacy concerns. “This is valuable for people who have nefarious purposes,” Joseph Lorenzo Hall, the chief technologist at the Center for Democracy and Technology, said of the data.
The RNC paid Deep Root $983,000 last year, according to Federal Election Commission reports, but its server contained records from a variety of other conservative sources paid millions more, including The Data Trust (also known as GOP Data Trust), the Republican party’s primary voter file provider. Data Trust received over $6.7 million from the RNC during the 2016 cycle, according to OpenSecrets.org, and its president, Johnny DeStefano, now serves as Trump’s director of presidential personnel.
The Koch brothers’ political group Americans for Prosperity, which had a data-swapping agreement with Data Trust during the 2016 election cycle, contributed heavily to the exposed files, as did the market research firm TargetPoint, whose co-founder previously served as director of Mitt Romney’s strategy team. (The Koch brothers also subsidized a data company known as i360, which began exchanging voter files with Data Trust in 2014.) Furthermore, the files provided by Rove’s American Crossroads contain strategic voter data used to target, among others, disaffected Democrats and undecideds in Nevada, New Hampshire, Ohio, and other key battleground states.
Deep Root further obtained hundreds of files (at least) from The Kantar Group, a leading media and market research company with offices in New York, Beijing, Moscow, and more than a hundred other cities on six continents. Each file offers rich details about political ads—estimated cost, audience demographics, reach, and more—by and about figures and groups spanning the political spectrum. There are files on the Democratic Senatorial Campaign Committee, Planned Parenthood, and the American Civil Liberties Union, as well as files on every 2016 presidential candidate, Republicans included.
What’s more, the Kantar files each contain video links to related political ads stored on Kantar’s servers.