The data contained in the breach includes an
unsettling amount of personal information, including voters’ first and
last names, birth dates, home and mailing addresses, phone numbers,
registered party, self-reported racial demographic and voter
A Deep Root spokesman confirmed the breach in an email to HuffPost, saying, “We take full responsibility for this situation.”
The company added it is undertaking a full review of
the lapse, which is believed to have begun June 1 and lasted through
June 14. UpGuard Cyber Risky Analyst Chris Vickery, who found the files,
notified federal authorities of the exposure.
Deep Root said it believes only Vickery accessed the database during that time.
Vickery was able to download 1.1 terabytes of
“entirely unsecured” data, which uses 9.5 billion data points to
describe 198 million potential U.S. voters’ likely political preferences
across 48 different categories. Those categories span nearly every
major political debate, including a voter’s likely stance on abortion,
gun control, stem cell research and environmental issues.
The exposure of such personal data for so many voters is the largest breach of its sort.
It is a testament both to their talents, and to the real danger of
this exposure, that the results were astoundingly accurate.
Vickery’s colleague, UpGuard reporter and analyst Dan O’Sullivan, looked himself up in the database and
was taken aback by the RNC’s analyses. “It is a testament both to their
talents, and to the real danger of this exposure, that the results were
astoundingly accurate,” he wrote.
Most of the data appears to have originated
from Republican super-Political Action Committees and other external
collection firms, and not with Deep Root itself.
Large caches of text appear to have been
scraped from Reddit, while other folders seem to have been named to
track the origin of the data each contains. UpGuard reported that
American Crossroads, the super-PAC Republican strategist Karl Rove
helped start, likely contributed data, as did a company called Data Trust,
which boasts a mission of “continually develop[ing] a Republican and
conservative data ecosystem through voter file collection, development,
Last January, Vickery found a database with 56 million records
that appeared to belong to a right-wing Christian organization. In
addition to more standard information like a person’s name and address,
it included individual income levels, whether they donated to religious
organizations, where they worked, and whether they were politically
In 2015, Vickery uncovered a database of 191 million voter records that didn’t seem to have an owner.
UpGuard notes the recent lapse also eclipses political data breaches in other countries, including those for 93.4 million Mexican voters and 55 million voters in the Philippines, both of which occurred in April 2016.
This article originally appeared on