Personal information for more than 198 million American voters were left exposed this month after a data analytics firm hired by the Republican National Committee stored the files on an unsecured Amazon server.
Deep Root Analytics, the conservative analytics firm, confirmed in a statement Monday the files had been accessed without their knowledge.
“The data that was accessed was, to the best of our knowledge this proprietary information as well as voter data that is publicly available and readily provided by state government offices,” the company said in a statement. “Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access. We take full responsibility for this situation.”
Meanwhile, the Republican National Committee also issued a statement saying they have cut ties to Deep Root Analytics.
“Deep Root Analytics has taken full responsibility for this situation and the RNC has halted any further work with the company pending the conclusion of their investigation into security procedures,” the RNC said in a statement. “While Deep Root has confirmed the information accessed did not contain any proprietary RNC information, the RNC takes the security of voter information very seriously and we require vendors to do the same.”
UpGuard cyber risk analyst Chris Vickery found the exposed server on June 12, notified federal authorities, and Deep Root Analytics secured the files against public access two days after they were discovered.
Vickery discovered 1.1 terabytes stored on the cloud, that was fully downloadable and not password protected, according to a report published to UpGuard’s website.
“Among these files were clear indications of the repository’s political importance, with file directories named for a number of high-powered and influential Republican political organizations. As such, the exposed Deep Root Analytics warehouse contained a remarkable amount of fully…