Vote NO on Exposed Voter Data
Do you remember where you were between June 1 and June 12, 2017?
Key takeawaysThis key takeaway was generated through LLMs crawling the page and coming up with an overview of the content.The article describes a major data exposure by media analytics firm Deep Root Analytics in June 2017, when nearly 200 million US voter records were left unsecured on a publicly accessible server for eleven days. The event was discovered by an outside cyber-risk analyst at UpGuard who accessed the data without a password, highlighting that this was a leak caused by lack of basic security rather than a targeted hack. The operational impact included loss of public trust, legal consequences including a class action lawsuit, and a warning that proper security planning and protections act as essential insurance against reputational and legal damage.
What happened during the Deep Root Analytics data exposure in June 2017?
In June 2017, Deep Root Analytics left nearly 200 million US voter records on a publicly accessible server without a password, making personal details like home addresses and phone numbers available to anyone with an internet connection. The exposure lasted eleven days until an external cyber-risk analyst at UpGuard discovered the unsecured data. The incident was characterized as a leak due to inadequate security controls rather than a hack or external intrusion.
Why is the Deep Root incident described as a leak rather than a hack?
The article emphasizes that no outside attacker breached Deep Root Analytics’ systems; instead, the sensitive voter data was left unprotected on a public server so that anyone could access it without authentication. Because the issue stemmed from the organization’s failure to implement basic security measures and not from a deliberate external intrusion, it is classified as a leak. The distinction underscores that internal security practices and configuration errors can cause massive exposures without any hacking effort.
What were the consequences and lessons from the Deep Root exposure?
Although the exposed data was not reported to have been abused, the incident damaged public confidence and led to legal repercussions, including a class action lawsuit against Deep Root Analytics. The article presents the event as a cautionary tale: lacking a security plan and breach response can ruin a company’s reputation and invite litigation. The key lesson is that strong security controls and planning function as insurance—protecting sensitive data, preserving trust, and avoiding potentially existential costs tied to reputational and legal fallout.
Do you remember where you were between June 1 and June 12, 2017?
Your home address, birth date, phone number and political leanings were all up for grabs this past June. Nearly 200 million US voter records were there for the taking for anyone with a network connection, thanks to a media analytics firm who failed to keep your data secure.
Deep Root Analytics is responsible for the largest known exposure of voter information in history. For a few warm, summer days in June, Deep Root left the personal data of almost 200,000,000 registered voters unsecured on a publicly accessible server. That means nearly half of the US population had their personal info in the public domain.
It took eleven days, and someone from outside the organization, to notice something was wrong. A cyber-risk analyst at UpGuard discovered the exposed data when he was able to access the information without a password.
“Anyone with an internet connection could have accessed the voter data,” UpGuard revealed.
One of the most important points of this unfortunate story is that this was not even a hack. This was not an attack from the outside in. Nor was anyone knocking on the door of Deep Root Analytics’ servers. It was not a hack, but a leak.
Deep Root Analytics did not bother to protect their clients’ sensitive data, putting the safety of millions on the line, and compromising their own corporate reputation.
Although no one hijacked the data, it raises the question, is that even the point?
Simply put, securing your network and its contents is an insurance policy. The price of proper protection is invaluable, especially when the cost of a damaged reputation could cost you your company.
Deep Root didn’t have a breach plan. In fact, they didn’t even have a security plan!
When you don’t take the proper steps to secure sensitive data, you become your own worst enemy. While, thankfully, the data was not accessed or abused, Deep Root nonetheless cost millions of Americans their confidence in services they trust to keep their information safe.
Meanwhile, Deep Root is mired in a class action lawsuit, and is the target of much public anger – and rightly so.
The takeaway: Great security is great insurance, and great insurance is just common sense.
Published in:
Anna is a passionate content writer who’s always eager to learn something new about cyber security.
Related content
How to map your network with user-defined links in Integrity X
Map your network with user-defined links in Integrity X to define and manage custom relationships, such as dual-stack and NAT environments.
Automate your DDI modernization path by migrating with Micetro
Automate cross-platform DNS and DHCP migration with Micetro to reduce risk, eliminate manual effort, and modernize infrastructure faster.
Your journey to intelligent NetOps begins at Cisco Live
Visit BlueCat’s booth or book a meeting now to learn more about how our solutions can help you build a network that supports constant change.
Replace BIND and ISC with Micetro DNS/DHCP Server (MDDS)
Tired of patching and manually configuring BIND DNS and ISC DHCP? Discover how Micetro MDDS appliances can replace them for modern DDI.