A marketing firm accidentally blew open the personal data of nearly 200 million Americans, or around 62% if the entire U.S. population.
Deep Root Analytics, which was hired by the Republican National Committee to identify audiences for political ads, leaked the individuals’ home addresses, political views, religious affiliations, birth dates, and telephone numbers.
Deep Root had collected the information from a range of sources, including social media forums such as Reddit and from committees that raise funds for GOP candidates.
It entered the data into spreadsheets and uploaded them to its server.
The Republican National Committee paid Deep Root more than $6.7 million during the 2016 election cycle, according to Gizmodo. The company’s data files guided party operatives trying to customize ads outreach to different groups of voters.
The data breach happened during an update to the system’s security settings on June 1. The settings shut off security entirely and rendered all of the system’s records completely publicly accessible.
The disclosed records not only store hard data on each individual. Using predictive software, Deep Root had created statements of where they individual was likely to stand on numerous political issues and displayed these, as well.
“This is deeply troubling. This is not just sensitive, it’s intimate information, predictions about people’s behaviour, opinions and beliefs that people have never decided to disclose to anyone,” Frederike Kaltheuner, a policy officer with Privacy International, a privacy-advocacy NGO, told the BBC News.
Deep Root founder Alex Lundry told reporters that he “takes full responsibility for the situation” and the the firm has instituted new access protocols to block public access to the data.