Data containing personal information on millions of Texans has been posted online, according to a report in TechCrunch, a site devoted to technology news.
The voter data was contained in a single file with an estimated 14.8 million records, left on an unsecured server that was not password-protected, TechCrunch reported.
The report said it’s not clear who owned the server where the exposed file was found, but one analysis of the data suggested that it was likely originally compiled by Data Trust, a Republican-focused data analytics firm created by the GOP to provide campaigns with voter data, according to the report.
Data Trust, whose motto is “Data Done Right,” said it was not to blame.
“While the information appears to be voter data, it cannot be confirmed as Data Trust data, and we are confident we did not host or transfer data on an unsecure, publicly accessible platform,” said Chad Kolton, a spokesman for Data Trust.
But Chris Vickery, director of cyber risk research at the security firm UpGuard, reviewed a small portion of the file and pointed the finger at the GOP firm.
Vickery, who previously brought to light another data breach that might have involved data compiled by Data Trust, said that telltale fingerprints on the data pointed to the GOP firm again having a hand.
He said, for example, that the first field in the data is labeled “DT_ID” — as in, the identification number Data Trust assigned each client — and that many of the other fields matched up with a past Data Trust-related breach.
He said the breach is “dangerous.”
“If it falls into scammers’ hands, they’ll know who’s an elderly citizen, they’ll know telephone numbers, they’ll know exactly who to target and their predilections — people who distrusted Hillary are easier to scam with this type of scam, for example,” Vickery said.
Data Trust was paid $6.75 million in the 2016 election cycle by the Republican National Committee, and the RNC has paid the firm $5.75 million thus far in the 2018 election cycle, according to the Center for Responsive Politics, which tracks money in politics.
TechCrunch reported that the data was first found by a data breach hunter who goes by Flash Gordon. Flash Gordon did not respond to a request for comment from the American-Statesman.
The file contained dozens of fields, including personal information such as voter names, addresses, gender and several years of voting history, including participation in primaries and presidential elections, according to the report.
That sort of data is publicly available from counties or the Texas secretary of state’s office.
“Campaigns request it all the time,” Sam Taylor, a spokesman for the state agency, which oversees elections, told the Statesman.
The office gets roughly 400 requests for voter data annually from campaigns, university researchers, research firms, think tanks, local county parties or individuals, he said. Depending on the number of voters whose information is requested, access to the data — which extends back to the early 2000s — can cost about $1,300, Taylor said.
“Any member of the public can request it,” he said, if they pay the fee and sign an affidavit stating that the material won’t be used for commercial or advertising purposes.
The secretary of state’s office is barred by law from releasing Social Security numbers of voters or the home address of federal and state judges. The data also does not say which candidates a voter supported in the voting booth, but whether a voter cast a ballot in the Republican or Democratic primaries is public information.
Similar voting data was at the heart of a controversial request for election records from all 50 states that was made by a commission created by the Trump administration to examine claims of voter fraud. President Donald Trump dissolved the commission in January after a political backlash and legal challenges.
According to the TechCrunch report, the data file, which has not been directly reviewed by the Statesman, included dozens of additional fields to score an individual’s perceived views on immigration, hunting, abortion rights, government spending and guns.
The TechCrunch report said an analysis of the data — which also included other personal information, such as phone numbers, ethnicity and race — suggested it was prepared in time for the 2016 presidential election.
Several fields included estimates about whether individuals “trust” or have “no trust” for then-Democratic candidate Hillary Clinton, according to the report.