It’s 2017 and long past the days when being naive about cyber security is a valid excuse for organizations we entrust with our personal details to leave them unsecured.
That’s exactly what happened with more than 200 million American citizens’ personal details — including address, phone number, birthdate, and political party affiliation — the marketing firm Deep Root Analytics left exposed on a server with unsecured settings since being contracted by the Republican National Committee. The information was publicly accessible on an Amazon cloud server until recently.
The 1.1 terabytes of unsecured personal information of 62 percent of Americans was found last week by cyber-risk security firm UpGuard. Deep Root Analytics’ founder Alex Lundry told Gizmodo, “We take full responsibility for this situation. Based on the information we have gathered thus far, we do not believe that our systems have been hacked.”
He went on to say, “Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access.”
Beyond personal details, the information stored also included each citizen’s stances on hot-button issues, such as abortion and gun control. Religious and ethnic identification were also included.
“That such an enormous national database could be created and hosted online, missing even the simplest of protections against the data being publicly accessible, is troubling,” Dan O’Sullivan wrote in a blog post on Upguard’s website.
“The ability to collect such information and store it insecurely further calls into question the responsibilities owed by private corporations and political campaigns to those citizens targeted by increasingly high-powered data analytics operations.”
This serves as a reminder that despite one’s own best efforts to secure personal details, information is only as secure as those it’s entrusted with keep it.