NORTH PROVIDENCE, R.I. (WPRI) – The personal information of 198 million American voters was vulnerable online for days, stored on an unsecured server by Deep Root Analytics, a media analytics firm that was hired by the Republican National Committee.
In a statement posted to its website, the company said, “Deep Root Analytics has become aware that a number of files within our online storage system were accessed without our knowledge.”
Chris Vickery, a cyber risk analyst at UpGuard, said he discovered the data leak on June 12th. UpGuard said the unsecured data included names, dates of birth, home addresses, phone numbers, and voter registration details.
“If they didn’t have that file password protected or encrypted, it’s easily obtained by people on the internet who want to use that information for the wrong reasons,” said Gian Gentile, of SecurityRI, a security company based in North Providence.
“The data that was accessed was, to the best of our knowledge proprietary information as well as voter data that is publicly available and readily provided by state government offices,” according to Deep Root Analytics.
“This is really big,” Gentile said. “Information was compromised, and even though it may be some minor stuff you can just imagine the future of what they [criminals] can obtain and what they can do with that information.”
It’s unclear if any of the unsecured data was accessed by anyone with criminal intentions, but cybersecurity experts say you should take steps to protect your identity, just in case.
Start by checking your accounts often to monitor for fraudulent activity. Strong passwords are also important.
“I would definitely go with special characters, caps locks, lower case, and maybe once a month, switch it up,” Gentile said.
You should also make sure your security questions aren’t easy to crack.
“Your security questions shouldn’t be all personal easy ones like, ‘What’s my dog’s name?’ ” Gentile said. “You can easily stalk someone on a social media account and find that type of information.”
The full statement from Deep Root Analytics:
Deep Root Analytics has become aware that a number of files within our online storage system were accessed without our knowledge.
Deep Root Analytics builds voter models to help enhance advertiser understanding of TV viewership. The data accessed was not built for or used by any specific client. It is our proprietary analysis to help inform local television ad buying.
The data that was accessed was, to the best of our knowledge proprietary information as well as voter data that is publicly available and readily provided by state government offices. Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access. We take full responsibility for this situation.
Deep Root Analytics maintains industry standard security protocols. We built our systems in keeping with these protocols and had last evaluated and updated our security settings on June 1, 2017.
We are conducting an internal review and have retained cyber security firm Stroz Friedberg to conduct a thorough investigation. Through this process, which is currently underway, we have learned that access was gained through a recent change in access settings since June 1. We accept full responsibility, will continue with our investigation, and based on the information we have gathered thus far, we do not believe that our systems have been hacked.