Voter Registration Data Breach: Unsecure Server Leaves Info On Nearly 200 Million Americans Exposed

A massive collection of nearly 200 million voter registration files that can be used to identify American voters have been discovered online on an unsecure server, ZDNet reported Monday.

The 198 million records were found on an Amazon storage server owned by Republican data analytics firm Deep Root Analytics. Contained in the records is personal information and voter polling data associated with millions of registered U.S. voters.

Read: Did Russia Hack U.S. Election? NSA Details Attempts To Compromise Election Systems, Report Says

The data was first found by Chris Vickery, a cyberrisk analyst at security firm UpGuard. Vickery was able to verify the exposed data was legitimate and disclosed his findings to Deep Root Analytics last week. The server housing the data has since been secured.

Each record in the database listed the voter’s name, date of birth, home address, phone number and voter registration details including party affiliation. The data sets also listed a voter’s ethnicity and religion, as well as other data relevant to a person’s political identity.

Some of the records found in the leak appear to have been provided to Deep Root Analytics by Data Trust, a data warehouse developed by the Republican Party to act as its primary provider of voter records. Data Trust sells voter data to political candidates and organizations, which use the data to target voters for advertising and other outreach.

UpGuard discovered folders within the database that came from Data Trust. Those folders held spreadsheets that contained data and personal information associated with people who voted for Republican candidates in the 2008 and 2012 presidential campaigns.

Read: Voter Registration Hacking? FBI Says Attempts Made On More Than A Dozen States

Also found on the exposed server was several gigabytes of data from TargetPoint, a market research group that works with conservative politicians to help them craft and communicate their message to voters. Those files included a rating system that showed a voter’s likelihood of supporting a policy or candidate on a scale of “very unlikely” to “very likely.”

Deep Root Analytics said in a statement to ZDNet it accepts full responsibility for exposing the server. The company said it is investigatiing what happened, but at the moment does not believe it was hacked.

Of course, Deep Root Analytics doesn’t have to be hacked for that data to be stolen; it’s sitting out in the open on a server. Vickery discovered and reported the server but it’s unclear if he was the first to get to the data or if someone else may have had access first.

Deep Root Analytics downplayed the potential threat the leak may have for individuals. “The data that was accessed was, to the best of our knowledge, proprietary information as well as voter data that is publicly available and readily provided by state government offices,” the company said.

Still, the company has taken steps to secure the server and make sure such unauthorized access does not occur again.

The Deep Root Analytics leak is just the latest instance of voting records being exposed — though it appears to be the largest case thus far. Previously, 191 million records were exposed by data company i360. Prior to that, 154 million records were exposed and contained insights like a voter’s social media profiles and gun ownership status.