Records that contain extensive details about all Alaska registered voters were exposed to the public on the Internet, due to a database error at a Democrat-related Big Data firm.
Reported by Nat Herz in the Alaska Dispatch News, the database problem was also discussed in detail by Kromtech Security in a report released today. Some 593,328 Alaska voters had their information exposed.
That there are only 528,560 registered Alaska voters is a discrepancy that Must Read Alaska cannot explain. It appears that the remaining 70,000 individuals whose data was compromised were nonvoters.
The records included names, addresses, voting tendencies, birth dates, marital status, and family relationships. It also contained information to indicate whether the voter favored gun rights, was pro-choice, or other types of issues that drive voters to the polls.
Republican candidates have access to similar databases that are available from the Republican National Committee. These data products are part of the arsenal that candidates now use to gain an advantage.
It’s unclear if the massive data bank was captured by anyone. The company responsible, TargetSmart, says it wasn’t. But the company also didn’t know the data was exposed until it was told so by a third party company, Kromtech Security.
The information could have been harvested, because the files could be downloaded without using a login or password.
TargetSmart works extensively with NPG Van, a leading Democrat-focused software that supports the Big Data efforts of Democratic candidates. Campaigns use the data to target people with specialized messages that are tailored to meet their political viewpoints.
TargetSmart CEO Tom Bonier released this statement to Kromtech Security:
STATEMENT BY TARGETSMART
We’ve learned that Equals3, an AI software company based in Minnesota, appears to have failed to secure some of their data and some data they license from TargetSmart, and that a database of approximately 593,000 Alaska voters appears to have been inadvertently exposed, but not accessed by anyone other than the security researchers on our team and the team that identified the exposure. None of the exposed TargetSmart data included any personally-identifiable non-public financial data. And to be clear, TargetSmart’s database and systems are secure and have not been breached. TargetSmart imposes strict contractual obligations on its clients regarding how TargetSmart data must be stored and secured, and takes these obligations seriously.
Equals3 has confirmed that the file was never accessed by anyone other than the security researcher who brought the exposure to our attention, and our team as they investigated the exposure. Equals3 assures us that although the data was left exposed for a time, it has since been taken offline and secured.
We are thankful to the Kromtech security researchers for raising this issue with us.
Although TargetSmart released that statement to Kromtech, it did not post it on its own web site.