A Republican data analytics firm left a massive cache of voter information exposed on a publicly accessible server.
The 1.1-terabyte database belonging to Deep Root Analytics contained the names, birth dates, home addresses, phone numbers and registration information of more than 198 million Americans.
“Among these files were clear indications of the repository’s political importance, with file directories named for a number of high-powered and influential Republican political organizations,” wrote UpGuard security researcher Chris Vickery and journalist Dan O’Sullivan in a blog post exposing the breach.
During the 2016 election, Deep Root partnered with Data Trust, the Republican National Committee’s designated data firm, to model the 2008 and 2012 electorates.
The database that was exposed online included folders for 2008 and 2012 with 51 spreadsheets each — one for every state plus Washington, D.C., all containing detailed voter information.
Deep Root has confirmed the authenticity of the database.
“Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access,” Alex Lundry, the company’s founder, told Gizmodo.
UpGuard’s team discovered that the company hosted an additional 24 terabytes of data that was not publicly accessible, including documents related to GOP strategist Karl Rove’s American Crossroads super PAC.