The leak has essentially exposed more than half of the USA population, trouncing the second-largest leak of voter information, the 2016 exposure of 93.4 million Mexican voters.
The data was compiled for last year's USA presidential election by Deep Root Analytics, Target Point Consulting, and Data Trust on behalf of the Republican National Committee, security vendor UpGuard said.
A cyber-risk analyst for UpGuard discovered the online data last week.
The data leak by Deep Root Analytics contains personal information of roughly 61 per cent of the USA population, technology news website Gizmodo reported. The information includes phone numbers, addresses, and detailed personal political opinions. As a media analytics firm, Deep Root uses advanced algorithmic modeling to compile or predict the political preferences of any registered voter that's been caught in its extensive web.
Anyone with Internet access could also have downloaded all the data. Lundry later commented that they don't believe their systems were hacked and that the data was not accessed by any malicious third parties while it was exposed. USA voter registration is often made available to private entities by U.S. states, some of which consider it public information. Deep Root was alerted to the flaw and it was patched prior to upGuard's publication, but it's unclear how many, if any, accessed the data before the server was fixed.
Deep Root Analytics, the conservative analytics firm, confirmed in a statement Monday the files had been accessed without their knowledge. "The data was made ready available on a public and easily accessible Amazon cloud server, with no additional security protection in place". But that's not all, there are a total of 48 data fields for each individual voter, detailing their stances on a number of subjects including gun rights, abortion, environmental issues and even opinions on stem cell research. One file, for example, listed each potential voter individually and rated their likelihood to support a policy, candidate, or issue at the top of the column.
While no directory of files was visible online, to access them it was only necessary to understand the naming conventions typically used for database files on AWS and then use wildcards to search for possible hits, said Vickery.
"Deep Root Analytics has taken full responsibility for this situation and the RNC has halted any further work with the company pending the conclusion of their investigation into security procedures", the RNC said in a statement.