COLUMBUS (WPRI/WCMH) — The personal information of 198 million American voters was accidentally exposed online due to an improperly configured security setting on a server owned by GOP analytics firm Deep Root Analytics.
The company, which claims to be the “most experienced group of targeters in Republican politics,” works with the Republican National Committee to make decisions on buying television advertising air-time.
“This the DNA of voter analysis,” UpGuard cyber risk analyst Chris Vickery told CNNTech. “This is exactly what they use to determine how someone is likely to vote on a specific issue.”
Vickery said he discovered the data leak on June 12th. UpGuard said the unsecured data included names, dates of birth, home addresses, phone numbers, voter registration details and social media posts.
In a statement posted to its website, the company said, “Deep Root Analytics has become aware that a number of files within our online storage system were accessed without our knowledge.”
“If they didn’t have that file password protected or encrypted, it’s easily obtained by people on the internet who want to use that information for the wrong reasons,” said Gian Gentile, of SecurityRI, a security company based in North Providence.
“The data that was accessed was, to the best of our knowledge proprietary information as well as voter data that is publicly available and readily provided by state government offices,” according to Deep Root Analytics.
In fact, this same voter information is publicly available in the state of Ohio. One such website allows you to search by a person’s name. It’ll then give you their home address and their party affiliation.
It’s unclear if any of the unsecured data was accessed by anyone with criminal intentions, but cybersecurity experts say you should take steps to protect your identity, just in case.
Start by checking your accounts often to monitor for fraudulent activity. Strong passwords are also important.
“I would definitely go with special characters, caps locks, lower case, and maybe once a month, switch it up,” Gentile said.
You should also make sure your security questions aren’t easy to crack.
“Your security questions shouldn’t be all personal easy ones like, ‘What’s my dog’s name?’ ” Gentile said. “You can easily stalk someone on a social media account and find that type of information.”
The full statement from Deep Root Analytics:
Deep Root Analytics has become aware that a number of files within our online storage system were accessed without our knowledge.
Deep Root Analytics builds voter models to help enhance advertiser understanding of TV viewership. The data accessed was not built for or used by any specific client. It is our proprietary analysis to help inform local television ad buying.
The data that was accessed was, to the best of our knowledge proprietary information as well as voter data that is publicly available and readily provided by state government offices. Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access. We take full responsibility for this situation.
Deep Root Analytics maintains industry standard security protocols. We built our systems in keeping with these protocols and had last evaluated and updated our security settings on June 1, 2017.
We are conducting an internal review and have retained cyber security firm Stroz Friedberg to conduct a thorough investigation. Through this process, which is currently underway, we have learned that access was gained through a recent change in access settings since June 1. We accept full responsibility, will continue with our investigation, and based on the information we have gathered thus far, we do not believe that our systems have been hacked.