Trump campaign data firms leak info on 200m US voters

Sensitive personal information on more than 198 million voters in the United States was stored unencrypted and with no access controls in the cloud, potentially creating one of the largest data leaks ever.

The data was compiled for last year's US presidential election by Deep Root Analytics, Target Point Consulting, and Data Trust on behalf of the Republican National Committee, security vendor UpGuard said.

Measuring 1.1TB, the information was stored in an unprotected Amazon Simple Storage Service (S3) bucket as spreadsheet files.

It was discovered by UpGuard as part of a search for misconfigured data sources in the cloud.

Almost all of the 200 million registered voters, or almost two-thirds of the population in the United States, are included in the data leak.

Data held on the voters included their names, dates of birth, home addresses and phone numbers, as well as their election registration details.

The analytics firms had also modelled voter ethnicities and religious faith.

Republican campaigners used the information to target specific voters and to increase the efficiency of their advertising during the election, UpGuard said. 

A further 24TB of data was also found in the S3 bucket, but it was protected against unauthorised access.

UpGuard's researchers reported the data leak to US authorities and to Deep Root Analytics, which has secured the information.