The personal data of more than 200 million US citizens has been exposed – and no, this wasn’t a hack.

Rather, the information was “accidentally exposed by a marketing firm contracted by the Republican National Committee,” who stored it in stored internal documents on a publicly accessible Amazon server, reports BBC:

The 1.1 terabytes of data includes birthdates, home addresses, telephone numbers and political views of nearly 62% of the entire US population [as well as] citizens’ suspected religious affiliations, ethnicities and political biases, such as where they stood on controversial topics like gun control, the right to abortion and stem cell research.

The data was meant to be used by “influential Republican political organisations” with the idea to create a profile on as many voters as possible, although the data was available to anyone who had a link.

The cache was discovered last week by cyber-risk analyst Chris Vickery and the information contained was collected from a variety of sources, from “posts on controversial banned threads on the social network Reddit, to committees that raised funds for the Republican Party”.

It was then stored in spreadsheets which were uploaded to a server owned by Deep Root Analytics:

It had last been updated in January when President Donald Trump was inaugurated.

Gizmodo explains that:

Many of the files did not originate at Deep Root, but are instead the aggregate of outside data firms and Republican super PACs, shedding light onto the increasingly advanced data ecosystem that helped propel President Donald Trump’s slim margins in key swing states.

Deep Root’s founder Alex Lundry told reporters that:

“We take full responsibility for this situation. Based on the information we have gathered thus far, we do not believe that our systems have been hacked.

“Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access.”

See, not a hack. Just a very, very poor security decision.

There are fears that the leaked data will be used for criminal purposes ranging from identity fraud to “harassment of people under protection orders, or to intimidate people who hold an opposing political view”.

However, although the data was exposed for 12 days, Deep Root doesn’t believe anyone accessed the information.

Looking at the depth of the data collected, one can easily see that there’s an “increasingly sophisticated data operation that has fed recent Republican campaigns and lays bare the intricate network of political organisations, PACs, and analysis firms that trade in bulk voter data,” explains Gizmodo.

And here we thought Bell Pottinger was a threat.

[soure:bbc]