The personal details of 198 million United States citizens, approximately 61 percent of the population, was leaked by a data firm under contract with the Republican National Committee.
According to Gizmodo, Deep Root Analytics stored massive amounts of information, such as potential voters' names, addresses, phone numbers, and birth dates, on a publicly accessible Amazon cloud account resulting in what some experts believe is the largest ever leak of its kind.
"In terms of the disc space used, this is the biggest exposure I've found. In terms of the scope and depth, this is the biggest one I've found," Chris Vickery, a researcher of the online security of sensitive information, told The Hill.
An analyst for the cybersecurity firm UpGuard, Vickery found the files last week. Twenty-five terabytes of sensitive data, including over one terabyte of data that could be easily downloaded by any hacker who obtained the URL, were stored without a password.
Bill Daddi of Deep Root Analytics told The Intercept that they were investigating the unprecedented leak. In a statement, he said that they do not see any evidence so far to indicate this was a hack job.
"We accept full responsibility, will continue with our investigation, and based on the information we have gathered thus far, we do not believe that our systems have been hacked," he said. "To date, the only entity that we are aware of that had access to the data was Chris Vickery."
The now-secured files contained information, commonly used by political campaigns, to help the GOP target specific voting populations. The collection of citizens' details, some of which is already available to the public, has been a key part of the Republican Party's recent political strategy. Deep Root Analytics was contracted by the GOP for $983,000 in 2016 and the firm works predominately with conservative groups, though this is not to say that the Democrats do not have their hands on their own data servers. In the age of technology, successful politics is defined by how you use it.
The personal data of potential voters is incredibly useful to those running political campaigns and millions are spent on analyzing the information to help win presidential elections. However, it is a double-edged sword; if the data is leaked it has the potential to impact American citizens in harmful ways. Still, that apparently hasn't inspired firms or political parties to be cautious and when personal information is exposed, like in the case of Deep Root Analytics, there isn't much in place in the form of retribution.
“Campaigns are very narrowly focused. They are shoestring operations, even presidential campaigns. So they don’t think of this as an asset they need to protect,” Joseph Hall, the chief technologist for the Center for Democracy and Technology, told Gizmodo. "I can think of no avenues for punishing political data breaches or otherwise properly aligning the incentives. I worry that if there’s no way to punish campaigns for leaking this stuff, it’s going to continue to happen until something bad happens."
So far, Deep Root Analytics doesn't suspect that anyone managed to get their hands on the exposed data. Yet while that could inspire a sigh of relief in some, there's not much in place to incentivize data firms to care enough to stop these incidents from happening again. Next time, Americans might not be so lucky.