U.S. Voter Data Was Leaked Online, Exposing Citizen Information

A data analytics company that specializes in political campaigning exposed voting records of U.S. citizens online, cybersecurity expert Bob Diachenko revealed this week.

RoboCent, a Virginia robocalling firm that helps political entities send alerts via calls and text messages, allegedly left a database containing names, phone numbers, political affiliations, dates of birth, genders and other demographics online without password protection.

The data was available for anybody to find online, according to Diachenko, who told Newsweek that some of the files are still listed—but not accessible—online. The repository, he said, contained 2,594 listed files including pre-recorded audio messages and spreadsheets. RoboCent offers clients voter data for 3 cents a record, it advertises on its website.

Diachenko told Newsweek that it remains unclear exactly how long the U.S. voter information was exposed. Out of the 2,594 files that were discovered online, he estimated that there were "hundreds of thousands" of records. He acknowleged some could be duplicates.

Voting in the U.S.
A roll of 'I Voted' stickers sit on a table inside a polling station at a Ross Valley fire station on June 5, 2018 in San Anselmo, California. Justin Sullivan/Getty Images

Diachenko said that file names suggested some of the data did not originate at RoboCent and was bought from third-party collectors such as NationBuilder, an analytics firm that claims to be "the most used, affordable, and accessible platform for political campaigns in the world."

At this point, claims from the researcher and company are conflicting.

RoboCent co-founder Travis Trawick told Newsweek that the data was from 2013-2016 and had not been used in the past two years. He stressed that the files had been secured.

He said: "We have no evidence to support that this data has been accessed by any third parties for inappropriate use. The affected data is a very small portion of the full data that is housed by RoboCent. No customer information beyond the name of their campaign was released in the data exposure. No voter data contained any Personally Identifiable Information."

But screenshots obtained by ZDNet clearly indicate additional information was included.

Trawick continued: "All exposed data was publicly available information. We have started and will continue to notify the affected customers whose data was exposed. Our legal team is currently researching data exposure laws and how to properly report this to the authorities. We will be fully compliant to ensure this is handled correctly and legally."

In a blog published Wednesday, Diachenko said a company engineer had taken steps to contain the leak. "We're a small shop (I'm the only developer) so keeping track of everything can be tough," the developer told him via email after the incident was disclosed.

In many U.S. states, public voter information can be openly purchased from various authorities and is often bought and traded by small profiling firms. In most cases the records should be somewhat controlled. That doesn't mean such information is always kept safe and secure.

As reported by Gizmodo, some regions only sell data to registered voters in their own states but chunks of such information can become outdated as people move or change contact details.

A leak of voter data occurred in 2017, when a database containing a whopping 198 million records was exposed. The year prior, 154 million U.S. voters had their information left online.

"Unfortunately, voter database breaches have become common in the age of digital records," Diachenko wrote this week. He urged all firms that use cloud storage to boost protection.

Ahead of the election that brought Donald Trump to power, Politico reported in 2016 that there were 200 million people registered to vote in the U.S. for the first time. Voting and social media metrics have become critical tools of all modern campaigns, both Democrat and Republican.

NationBuilder did not immediately respond to a request for comment.

poll worker
A poll worker posts voter information at a polling place in a church on June 5, 2018 in Los Angeles, California. Mario Tama/Getty Images