This staggering breach was caused by the carelessness of a conservative-focused data firm, ironically named “The Data Trust.” They left their research file completely exposed and unprotected on a server that anyone could access with no password required. It’s hard to see how the exposure could have been more damaging or all-inclusive.
The Single, massive file contained the following details:
- Voter name
- Voter address
- Voting history for past elections, including primaries and presidential elections
According to the independent New Zealand researcher who discovered it, who goes by the name of “Flash Gordon,” the file also contained indications of voter views on abortion, immigration, the Second Amendment, and whether or not the voter in question trusted Hillary Clinton.
Bill Evans, the VP of the security firm “One Identity,” had this to say about the incident:
“The idea of having a database like this sitting with no password is such an incredible lapse in judgement today. While we all know that keeping up with password best practices can be somewhat annoying – forgetting and resetting them in a broken cycle – it is inexcusable and maybe illegal to leave data that contains personal information like this completely unprotected.
It is a good reminder, however, and call to action for any organization that is storing sensitive data, that it is their responsibility to ensure security, as well as authentication to access it. There are four basic security measures that should be part and parcel of doing business today. Those include end-user education, multi-factor authentication, privileged-access management, and access governance to ensure only the right people have the right access to the right things at the right time.”