A massive trove of voter records containing personal information on millions of Texas residents has been found online.
The data — a single file containing an estimated 14.8 million records — was left on an unsecured server without a password. Texas has 19.3 million registered voters.
It’s the latest exposure of voter data in a long string of security incidents that have cast doubt on political parties’ abilities to keep voter data safe at a time when nation states are actively trying to influence elections.
TechCrunch obtained a copy of the file, which was first found by a New Zealand-based data breach hunter who goes by the pseudonym Flash Gordon. It’s not clear who owned the server where the exposed file was found, but an analysis of the data reveals that it was likely originally compiled by Data Trust, a Republican-focused data analytics firm created by the GOP to provide campaigns with voter data.
Chris Vickery, director of cyber risk research at security firm UpGuard, analyzed a portion of the data. (It was Vickery who found a larger trove of 198 million voter records last year exposed by a similar data firm, Deep Root Analytics, which sourced much of its data from Data Trust.)
A spokesperson for Data Trust declined to comment on the record, but later gave a statement to the Austin American-Statesman denying a breach of its systems.
The file — close to 16 gigabytes in size — contained dozens of fields, including personal information like a voter’s name, address, gender and several years’ worth of voting history, including primaries and presidential elections.
Granted, much of that data is public. According to The Texas Tribune, that kind of voter data in Texas is already obtainable for a fee, but information relating to individuals’ political affiliations and party memberships is not. Sam Taylor, communications director for the Texas secretary of state, told TechCrunch that Social Security numbers are excluded, and the voter data cannot be used for commercial purposes, like advertising.
Taylor added that the data exposure was not related to Texas’ statewide voter registration database.
“The Texas Secretary of State’s office takes the integrity and security of Texans’ voter data very seriously, and have received no indication or evidence that our state’s voter registration database has been exposed, infiltrated, breached, or otherwise compromised,” he said.
“The private entity or individual that reportedly exposed the data in their possession will have to answer questions as to why they allowed such an exposure to occur,” he added.
But data-driven political firms like Data Trust use this kind of voter data for political purposes, specializing in supplementing those voter profiles with information that might help a campaign to flip a person who might not vote for a Republican candidate at the ballot box.
That’s where this file fills in the gaps with dozens of other fields, which can be used by campaigns to position their political messaging.
For example, the data includes fields that might score an individual’s believed views on immigration, hunting, abortion rights, government spending and views on the Second Amendment.
Other fields were more relevant to the recent 2016 presidential election, in which the data predictively scored individuals on whether they “trust” or have “no trust” for then-Democratic candidate Hillary Clinton.
The data also includes additional personal information, such as a person’s phone numbers and their ethnicity and race.
It’s not known exactly when the data was compiled, but an analysis of the data suggests it was prepared in time for the 2016 presidential election. It’s also not known if the file is a subset of the 198 million records leak last year — or if it’s a standalone data set.
Without an owner to inform of the exposure, it’s unclear if the data is still online.
Updated on August 27: with an additional statement from the Texas secretary of state’s office.