Notes

Personal Details of over 200 million uS Citizens Exposed

Personal details of over 200 million US citizens are exposed



19 June 2017



A marketing firm contracted by Republican National Committee accidentally exposed sensitive personal details of nearly 200 million US citizens.



A majority of the US population has access to this 1.1 Terabytes worth of information. This includes their birth dates, home addresses, and telephone numbers.



The data was accessible on a publicly accessible Amazon cloud server.



Anybody can access the data provided they have access to.



Political biases exposed



Chris Vickery, a cyber risk analyst at security firm UpGuard, discovered the huge collection of data in the last week. The data appears to have been gathered from multiple sources including posts on controversial threads on Reddit and committees that raised funds to help the Republican Party.



The data was stored in spreadsheets and uploaded to a server run by Deep Root Analytics. It was last updated in January 2017, the month that President Donald Trump was inaugurated. It was online for an unknown amount of time.



"We fully accept responsibility for this. Based on the information that we have gathered, we don't believe our systems were hacked," Alex Lundry, founder of Deep Root Analytics, told the technology website Gizmodo.



"Since we learned of this incident, we have modified our access settings and implemented protocols to prevent access to future events."



Apart from personal details, the data also contained individuals' religion, ethnicity, and political views including their views on controversial issues such as gun control as well as the right to have an abortion and stem cell research.



The file names and directories indicated that the information was intended to be used by influential Republican political organisations. The idea was to build a profile of the largest number of voters by using all available information, so some of the fields in the spreadsheets were left left empty if an answer could not be found.



"That such a massive national database could be constructed and hosted online, and without even the simplest of protections against the data being publically accessible, is troubling," Dan O'Sullivan wrote in a blog post on Upguard's website.



"The ability to collect such information and then store it in a secure manner is a further challenge to the responsibilities owed by private companies and political campaigns to people who are targeted by ever-higher-powered data analytics operations."



Privacy concerns



While it is widely known that political parties routinely collect data on voters however, this is the largest data breach of electoral data in the US. Privacy experts are concerned by the massive amount of data.



"This is a major concern. This isn't sensitive information. It's private information, predictions and beliefs about people's behaviour that people have not disclosed to anyone," Frederike Kaltheuner, Privacy International's policy manager, said to BBC News.



However the issue of collecting data and the use of computer models to predict the behavior of voters isn't just restricted to companies that market - Privacy International says that the entire online advertising industry works in the same way.



"It is a threat to the way democracy functions. The GOP [Republican Party] relied on publicly-collected, commercially-provided information. Nobody would have known that the information they provided to one company would end in a database which was used to make them targets politically.



Ms Kaltheuner said, "You should be in control of what happens to your personal information, who is able to access it and for what purposes."



There is a risk that the leaked data can easily be used for nefarious purposes, from identity fraud to harassing people who are who are under protection orders or to intimidate people who hold an opposing political stance.
WOW-SERVERS.CO


"The potential for this type of data being accessible to the public and available on the dark web is very high," Paul Fletcher, a cyber-security evangelist at security firm Alert Logic told the BBC.



Data breach over MPs' staff details



31 March 2017



Philippines elections hack 'leaks data'



11 April 2016


Here's my website: https://wow-servers.co/