For two weeks in June, the personal information of nearly every U.S. voter was available on a publicly accessible Amazon cloud server after a marketing firm hired by the Republican National Committee (RNC) failed to password protect its data.
The BBC reports that the leak represents the largest breach of electoral data in the U.S. to date, leaving the information of nearly 200 million registered voters exposed. While the leaked files did not include voters’ Social Security or credit card information, they did include personal details, such as their birthdates, home addresses, and telephone numbers. In some cases, voters’ ethnicities, religions, and political views were also made available.
As a political data firm that worked with more than a dozen GOP committees during the 2016 election, Deep Roots likely intended to use the information to identify audiences for conservative advertisements. While this kind of data collection is common, the fact that it was so easily made public is cause for serious concern. According to Chris Vickery, the cybersecurity researcher who first discovered the unprotected files on June 12, the data included voter histories, as well as information about where voters stood on sensitive issues like abortion, gun ownership, and stem-cell research. Some of the information also detailed how voters felt about Wall Street, pharmaceutical firms, and the Affordable Care Act. All together, the information could leave voters open to identity theft, or even harassment.