A data analytics firm that worked on the Republican campaign of Donald Trump exposed personal information belonging to some 198 million Americans, or nearly every eligible registered voter, security researchers said Monday.
Researchers at the consultancy UpGuard said they discovered a "misconfigured database" containing sensitive personal details of the US voter database operated by Deep Root Analytics and used by the Republican National Committee in the 2016 election campaign.
A blog post by UpGuard said the researchers were able to view "names, dates of birth, home addresses, phone numbers, and voter registration details, as well as data described as 'modeled' voter ethnicities and religions."
The information was described as "a treasure trove of political data and modeled preferences used by the Trump campaign," and the discovery offered a rare glimpse into the sophisticated voter targeting efforts used by the Trump camp during the White House race.
Contacted by AFP, Deep Root said in a statement it could not comment on specific clients but that it recently became aware "that a number of files within our online storage system were accessed without our knowledge."
The statement added that the data accessed included "proprietary information as well as voter data that is publicly available and readily provided by state government offices."
"We take full responsibility for this situation," Deep Root said, adding that it was conducting an investigation with outside experts.
The data firm said it was not aware of any parties that accessed this data other than UpGuard researcher Chris Vickery.
UpGuard said this was the largest known breach of voter data in history and represented the equivalent of 10 billion pages of text.
It said the files offer insights into the strategy used by Trump's campaign to target voters based on "data points" fed into an algorithmic formula.
The exposure "raises significant questions about the privacy and security Americans can expect for their most privileged information," the researchers said.
"It also comes at a time when the integrity of the US electoral process has been tested by a series of cyber assaults against state voter databases, sparking concern that cyber risk could increasingly pose a threat to our most important democratic and governmental institutions."