The personal details of nearly 200 million voters have been accidentally exposed in the largest U.S. leak of voter data, according to a security expert.
Information on more than 198 million American voters was left exposed to the Internet by a firm working on behalf of the Republican National Committee (RNC) in their efforts to elect Donald Trump, reports Chris Vickery, a cyber-risk researcher at UpGuard.
The data, he explained in a blog post, was stored in a publicly available cloud server owned by Republican contractor and data firm Deep Root Analytics (DRA). This included 1.1 Terabytes of unsecured personal information compiled by DRA and at least two other Republican contractors, TargetPoint Consulting and Data Trust.
Information on the misconfigured database included names, dates of birth, home addresses, phone numbers and voter registration details, according to Vickery, as well as data described as “modeled” voter ethnicities and religions.
Vickery found the data, which were hosted on Amazon Web Services, on June 12 while searching for misconfigured data sources. The files, he said, lacked any protection against access. The voter data was secured against public access on the night of June 14, shortly after Vickery notified federal authorities.
“The data exposure provides insight into the inner workings of the Republican National Committee’s $100 million data operation for the 2016 presidential election, an undertaking of monumental scope and painstaking detail launched in the wake of Mitt Romney’s loss in 2012,” Vickery wrote.
In a statement released Monday, Deep Root Analytics said a number of files within its online storage system were accessed without the contractor’s knowledge.
The company explained that it builds voter models to enhance advertisers’ understanding of TV viewership. “The data accessed was not built for or used by any specific client,” it said. “It is our proprietary analysis to help inform local television ad buying.”
“The data that was accessed was, to the best of our knowledge, proprietary information as well as voter data that is publicly available and readily provided by state government offices,” it said.
Access was gained following a change in access settings since June 1, according to the company. “Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access,” it added. “We take full responsibility for this situation.”
The company has launched an internal review of the leak and has brought in cybersecurity firm Stroz Friedberg to conduct an investigation. Based on information gathered so far, Deep Root Analytics does not believe that its other systems have been hacked.
Gaurav Banga, CEO of breach prediction specialist Balbix, said that the incident highlights the risks facing organizations and enterprises. “These kinds of vulnerabilities speak to a comprehensive lack of awareness about your risk environment that is pervasive in both corporate and government sectors,” he explained, in a statement emailed to Fox News.
According to research from security company RedLock, 82 percent of databases in public cloud computing environments are not encrypted. The research also found that 31 percent of databases in public cloud environments are openly available on the Internet.
The security of voter data has been in the spotlight recently. Last month, for example, a researcher identified a security failure that left nearly 7 million Georgia voter records exposed.
TargetPoint Consulting and Data Trust have not yet responded to a request for comment on this story from Fox News.
Follow James Rogers on Twitter @jamesjrogers