The personal details of 198 million American citizens have been revealed online. The accidental data leak was made by a TV media analytics firm that worked for the Republicans during the Trump campaign. That firm is called Deep Root Analytics and it has inadvertently dumped sensitive data pertaining to 61% of the entire population of the US online for anyone to access.
In total, a whopping 1.1 terabytes of private data has been leaked online. Among that data are the home addresses, dates of birth, telephone numbers, and political views of well over half of the US population. In terms of total numbers of US citizens affected, this is easily one of the biggest data leaks ever to have affected the US.
The database was discovered last week by a cyber-risk analyst from the cybersecurity firm UpGuard. Researcher Chris Vickery found the database on a publicly accessible Amazon server owned by Deep Root. The data is believed to be a mingle of information gleaned from various sources, including now-banned Reddit threads and fundraising committees working with the Republican party during the Trump campaign.
Unbelievably, the data is said to have been left on a publicly accessible server by accident (as opposed to leaked on purpose by hackers). Even more troubling, the cache of data had last been updated in January, just after Trump’s inauguration, and had been sitting there – available to all and sundry – since God only knows when.
“Anyone with an internet connection could have accessed the Republican data operation used to power Donald Trump’s presidential victory,” said UpGuard in its statement.
Alex Lundry, the founder of Deep Root Analytics, has released a statement accepting responsibility for the release of this massive treasure trove of data:
“We take full responsibility for this situation. Based on the information we have gathered thus far, we do not believe that our systems have been hacked.
“Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access.”
The database is said to have been used by influential organizations with ties to the Republican party. The cache of data creates a detailed profile of the US electorate. BestVPN.com reached out to Deep Root Analytics (DRA) and a spokesperson for the firm told me the following about how the database is used:
“Deep Root Analytics builds voter models to help enhance advertiser understanding of TV viewership. The data accessed was not built for or used by any specific client. It is proprietary analysis to help inform local television ad buying.”
A quick look at the database reveals that many of the fields remain empty. The reason for this is that DRA is constantly improving and updating its database and is clearly in the process of figuring out personal details about the US population.
A blog about the leak written by Dan O’Sullivan appears on UpGuard’s website. In the post, O’Sullivan expressed disbelief at the lax way in which such sensitive data was handled by this independent contractor:
“That such an enormous national database could be created and hosted online, missing even the simplest of protections against the data being publicly accessible, is troubling.
“The ability to collect such information and store it insecurely further calls into question the responsibilities owed by private corporations and political campaigns to those citizens targeted by increasingly high-powered data analytics operations.”
Other details contained within the publicly available database include people’s suspected religious affiliations, their ethnicity, and their political biases. These political beliefs even go as far as to disclose people’s opinions on gun control, the right to abortion, and stem cell research. How this data was collected is still somewhat of a mystery, but the level of detail amassed about such a large proportion of the US population is truly alarming. I asked the firm exactly how it had amassed such a massive cache of personal data about US citizens, but DRA ignored my line of questioning.
Frederike Kaltheuner, the policy officer at digital rights advocacy group Privacy International, has expressed his serious discontent with what is the largest ever breach of information regarding the US electorate. Rightly, Kaltheuner rings alarm bells about the shady methods employed to affect the outcome of elections:
“This is deeply troubling. This is not just sensitive, it’s intimate information, predictions about people’s behaviour, opinions and beliefs that people have never decided to disclose to anyone.
“It is a threat to the way democracy works. The GOP [Republican Party] relied on publicly-collected, commercially-provided information. Nobody would have realised that the data they entrusted to one organisation would end up in a database used to target them politically.
“You should be in charge of what is happening to your data, who can use it and for what purposes.”
Who We Are
Sadly, nowadays, personal data has become a currency that holds immense value. Corporations like Google and Facebook hungrily eat up all the data they can in order to create ever better profiles of the general public.
What’s more, this year the Trump administration made it legal for Internet Service Providers (ISPs) to sell web browsing histories to third parties. Companies like Deep Root Analytics are exactly the type of firms we can expect to see striking deals with US ISPs. After all, web browsing histories contain the information that would allow DRA to finish plugging the holes in their frighteningly invasive database.
In fact, with a person’s entire web browsing history available to the highest bidder, there is very little that firms like DRA couldn’t figure out about people. The way that this allows political parties to campaign is nefarious to say the least, and with results that can be proven statistically, private firms like DRA hold a massive amount of power over the way that democracy is enacted in the modern age.
Knowing just how powerful this type of data can make someone, makes it all the more shocking that it was freely available online. The potential for abuse is massive and could involve identity fraud, harassment, and/or intimidation of people with specific political views.
Paul Fletcher from the security firm Alert Logic believes that the database has probably already made it onto the dark web, which means that those powers could have gotten into just about anybody’s hands.
Opinions are the writer’s own.
Title image credit: kb-photodesign/Shutterstock.com
Image credit: Eric C Roberts/Shutterstock.com, Photon photo/Shutterstock.com