It's being called the largest leak of voter information in history and "the mother lode." A conservative data firm exposed more than 198 million voter records (about 61 percent of the U.S. voting population) after saving the data to an unsecured Amazon cloud server for 12 days starting June 1st.
As you can imagine, this is a big no-no for any company, but it is especially damaging when the U.S. democratic process has already been hijacked by foreign actors during the 2016 presidential election. Experts have pointed out that the records contained all the data necessary to target certain voters and regions to sway the next election.
Sadly, poor digital security protocols and data breaches are not uncommon. Which is why it is vital for private businesses to invest in a cyber insurance policy to protect themselves from the financial, legal and reputation damages implicit in a data breach.
In Bad Faith
For a little background, Deep Root Analytics is a conservative data firm contracted by the Republic National Convention as part of a voter-analytics strategy. Specifically, the GOP is interested in people's political inclinations. This information is used to create detailed profiles on nearly 200 million Americans, as to better adjust messaging and coordinate efforts to capture crucial votes in upcoming elections.
Conducting this kind of research is pretty standard, but what makes this newsworthy is that the data was saved to the cloud without any password protection whatsoever, meaning that anyone could access this information along with voters' names, dates of birth, home addresses, phone numbers, registration details and assumed ethnicity and religion.
This is a veritable "gold mine" for anyone looking to target and manipulate voters, says ThreatModeler founder Archie Agarwal in an interview with Business Insider.
"Governments are made or broken on this. I don't even have words to describe it," Agarwal says. "If the Russians have this data, then they have targeted information that could allow them to try to swing the vote."
Russian-sponsored hackers have already weaponized data stolen from the Democratic National Convention and propagated fake news to manipulate public opinion.
The leak was first discovered by Chris Vickery, a cyber risk analyst at UpGuard who says he encounters data-breach situations like this every day.
"Companies don't realize their employees are cutting corners, and mistakes get made. It's absolutely an epidemic," Vickery says.
It's true. Research shows that employee negligence is the top cause of data breaches. Not to mention that the majority of online users fail to follow simple password protocols, including using a unique sign-in for every site and service and avoiding common alphanumeric combinations.
What Now?
No one knows yet whether Deep Root will face a lawsuit for exposing voters' personal information, but it's certainly not unheard of. If your small business suffers a similar breach of customer or client information, you could face heavy financial losses due to a class action lawsuit, damages to your reputation or extortion by a hacker.
So why not learn from Deep Roots mistake? Use robust passwords to protect your most valuable information in a secure and encrypted cloud or database. And invest in a cyber insurance policy just in case things go haywire. You'll be glad you did.
Interested in learning more about cyber insurance? Visit CyberPolicy today!