The personal details of over 198 million US citizens have been accidentally exposed on the internet by a marketing firm in what experts are calling the largest known data leak of its kind.
Details included names, addresses, telephone numbers and even political views.
The firm in question was hired by the Republican National Committee as a means of better understanding voters and thus helping them engage with voters better.
The leak was discovered on the 12 June by security firm UpGuard who found a cloud database that wasn’t password protected containing over 1.1 terabytes of information.
What makes it all the more staggering is that while it accounts for a little over 60 per cent of the US population it actually includes almost every person registered to vote in the United States.
The RNC hired Deep Root Analytics to compile a huge database that could be turned into a huge encyclopaedia for understanding the American voter.
It contained not only personal details but information scraped from websites such as Reddit.
The last time the database was updated was in January when the 2017 Presidential Inauguration took place.
In a statement to Gizmodo, Deep Root founder Alex Lundry said:”We take full responsibility for this situation. Based on the information we have gathered thus far, we do not believe that our systems have been hacked,”
While this latest leak can’t compare to the billion users that were affected by the Yahoo hack it’s more the quality of the information that was leaked that is so alarming.
Rather than being a meaningless collection of numbers and names this database was a insightful overview of the entire US electorate.
Commenting on the leak, David Kennerley, director of threat research at Webroot said: “This is a clear example of poor data privacy and storage practice by the marketing company. The data was made ready available on a public and easily accessible Amazon cloud server, with no additional security protection in place.”
“IT departments need to start taking a lead role in ensuring that employees are following well-maintained security policies regarding the use of cloud solutions to ensure something like this doesn’t happen again.”