A massive trove of voter records containing personal information on millions of Texas residents has been found online.
The data — a single file containing an estimated 14.8 million records — was left on an unsecured server without a password. Texas has 19.3 million registered voters.
It’s the latest exposure of voter data in a long string of security incidents that have cast doubt on political parties’ abilities to keep voter data safe at a time when nation states are actively trying to influence elections.
TechCrunch obtained a copy of the file, which was first found by a New Zealand-based data breach hunter who goes by the pseudonym Flash Gordon. It’s not clear who owned the server where the exposed file was found, but an analysis of the data reveals that it was likely originally compiled by Data Trust, a Republican-focused data analytics firm created by the GOP to provide campaigns with voter data.
Chris Vickery, director of cyber risk research at security firm UpGuard, analyzed a portion of the data. (It was Vickery who found a larger trove of 198 million voter records last year exposed by a similar data firm, Deep Root Analytics, which sourced much of its data from Data Trust.)
A spokesperson for Data Trust declined to comment on the record.
The file — close to 16 gigabytes in size — contained dozens of fields, including personal information like a voter’s name, address, gender and several years’ worth of voting history, including primaries and presidential elections.
Granted, much of that data is public. According to The Texas Tribune, that kind of voter data in Texas is already obtainable for a fee, but information relating to individuals’ political affiliations and party memberships is not. Sam Taylor, communications director for the Texas secretary of state, told TechCrunch in an email that certain data points — like Social Security numbers — are also excluded, and the voter data cannot be used for commercial purposes, like advertising.
But data-driven political firms like Data Trust use the data for political purposes, specializing in supplementing those voter profiles with information that might help a campaign to flip a person who might not vote for a Republican candidate at the ballot box.
That’s where this file fills in the gaps with dozens of other fields, which can be used by campaigns to position their political messaging.
For example, the data includes fields that might score an individual’s believed views on immigration, hunting, abortion rights, government spending and views on the Second Amendment.
Other fields were more relevant to the recent 2016 presidential election, in which the data predictively scored individuals on whether they “trust” or have “no trust” for then-Democratic candidate Hillary Clinton.
The data also includes additional personal information, such as a person’s phone numbers and their ethnicity and race.
It’s not known exactly when the data was compiled, but an analysis of the data suggests it was prepared in time for the 2016 presidential election. It’s also not known if the file is a subset of the 198 million records leaked last year — or if it’s a standalone data set.
Without an owner to inform of the exposure, it’s unclear if the data is still online.