To any nefarious hackers looking for information that could be used to sway elections or steal Americans’ identities, the file compiled by a GOP data firm called Deep Root Analytics offered all manner of possibilities.
There in one place was detailed personal information about almost every voter in the U.S. It was a collection of some 9.5 billion data points that helped the firm assess not only how those Americans would probably vote, but their projected political preferences. In some cases, the data collectors had scoured people’s histories on Reddit, the social media platform, to match vote history with social media use, and well-informed predictions were made about where each voter would stand on issues as personal as abortion and stem cell research.
It’s the kind of sensitive information that, if a bank or a big-box retailer or almost any other corporation had failed to protect it, would have triggered major trouble with regulators. But there it sat on the Internet, without so much as a password to guard it, for 12 days.
Luckily for the Republican Party and Deep Root, an Arlington, Va.-based firm that handles data management and analysis for the party, it was a cybersecurity consultant who came across the treasure-trove of political data this month, not a foreign agent. There is no indication that the database had been tapped by any other unauthorized parties while it was unprotected.
But the exposure of the data, which some are describing as the largest leak of voter information in history, is a jolting reminder of how deeply the political parties are probing into the lives of voters and how vulnerable the information they are compiling is to theft.
The Deep Root incident is the latest in a series of such problems with political data, the most infamous being the case of the Russian hack of the Democratic National Committee. As cybersecurity experts sound an increasingly loud alarm about the potential consequences, the…