A lot of information released
Information was aggregated from Republican super PACs, Reddit and other sources and put into a database. Contained in the information were the details of voters – Social Security numbers, birth dates, emails, physical addresses, religion, race and political leanings – and were used in targeted political commercials.
Voters views on political issues were collected, and information showed their potential political inclinations. Issues like gun control, abortion, previous voting habits, views on foreign policy and beliefs on specific topics were found.
Reddit is cited as the source of a lot of this information. A problem with Reddit being a source is the lack of users who use their real names when posting. Political and non-political subreddits were analysed, and a wide range of users had their data collected.
Deep Root claim it wasn’t a hack
Deep Root is claiming they were not hacked and the fault of the information disclosed was a recent security update. To get access to the information, all that was needed was the correct URL. The files were not password protected, and the server was not secure.
This is the biggest data dump of electoral information. Over 61 percent of Americans is found in the database. Data like this does not come cheap, with the Republican National Committee paying $1 million to Deep Root last year.
Cyber security and privacy law is important
Deep Root released the following statement “The data that was accessed was, to the best of our knowledge proprietary information as well as voter data that is publicly available and readily provided by state government offices. Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access. We take full responsibility for this situation.”
There are no rules or regulations that state if a private company must secure the personal data in situations like this. It is unlikely that Deep Root will face any punishment for the accident. Many Americans have information out there that can be used by scammers and criminals to steal their identity. When information like this is released, the data does not just disappear.
Without changes or punishment as an incentive to keep personal data private and secure, it is likely a mistake like this will happen again.