Personal Data on 200 Million Voters Leaked
Posted by: Timothy Weaver on 06/19/2017 02:40 PM
[
Comments
]
Personal data on nearly 200 million US voters, compiled at the behest of the Republican Party, has been discovered on an unsecure Amazon server.
The information includes home addresses, birthdates and phone numbers, plus analytics data that suggests who a person is likely to vote for and why, along with their stances on hot-button issues like the Second Amendment, stem cell research and abortion.
Deep Root Analytics were hired by the Republican Party and they stored the data on an unprotected Amazon server for 12 days.
Deep Root founder Alex Lundry said: “We take full responsibility for this situation. Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access…Based on the information we have gathered thus far, we do not believe that our systems have been hacked."
Paul Fletcher, cybersecurity evangelist at Alert Logic, said: “The fact that this exposure was discovered on a public cloud site is irrelevant. In fact, if the AWS suite of security tools and log collection capabilities were properly implemented, this massive data exposure could’ve been avoided. The Amazon S3 server comes by default with an access control list (ACL), which needs to be properly setup, maintained and audited by the organization (and in this case), the organization’s customer—the GOP. Extra security is also available using server side encryption, again offered by AWS, but the responsibility to implement this solution is up to the public cloud customer.”
As with many data breaches, the fault lays in its weakest point - third party vendors.
Source: Info Security
The information includes home addresses, birthdates and phone numbers, plus analytics data that suggests who a person is likely to vote for and why, along with their stances on hot-button issues like the Second Amendment, stem cell research and abortion.Deep Root Analytics were hired by the Republican Party and they stored the data on an unprotected Amazon server for 12 days.
Deep Root founder Alex Lundry said: “We take full responsibility for this situation. Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access…Based on the information we have gathered thus far, we do not believe that our systems have been hacked."
Paul Fletcher, cybersecurity evangelist at Alert Logic, said: “The fact that this exposure was discovered on a public cloud site is irrelevant. In fact, if the AWS suite of security tools and log collection capabilities were properly implemented, this massive data exposure could’ve been avoided. The Amazon S3 server comes by default with an access control list (ACL), which needs to be properly setup, maintained and audited by the organization (and in this case), the organization’s customer—the GOP. Extra security is also available using server side encryption, again offered by AWS, but the responsibility to implement this solution is up to the public cloud customer.”
As with many data breaches, the fault lays in its weakest point - third party vendors.
Source: Info Security
Comments
