More than 198 million Americans—that's about 61% of the US population, as Gizmodo points out—had personal information and political data exposed this month. It includes home addresses, birthdates, phone numbers, plus data used to predict which way they might vote on specific issues and what religion and ethnicity they might be. UpGuard cyber risk analyst Chris Vickery discovered last week that Deep Root, a marketing firm contracted by the Republican National Committee, stored the data on an Amazon cloud server with no password, meaning anyone who found the URL could access it. (It has since been secured, per the Hill.) In a post about the discovery Monday, UpGuard calls it "the largest known data exposure of its kind," pointing out that the data covers almost all of the 200 million registered voters in the US.
The data included in the leak was gathered from many sources, from Karl Rove's super PAC to a banned subreddit. Much of the data originated from data firms other than Deep Root, some of whom were also paid by the RNC, but Deep Root's founder tells Gizmodo the firm takes "full responsibility for this situation." The data first became exposed June 1 after Deep Root updated its security settings, the founder says, and the company has hired a cybersecurity and digital forensics firm to investigate the fallout. So far, it seems Deep Root's systems were not hacked and no malicious third parties accessed the data while it was exposed. Though some of the data involved is publicly accessible, experts say that having all of the data involved combined and available in one database is a big concern. "This is valuable for people who have nefarious purposes," says one.