Deep Root Analytics

The greatest expose of its sort in history, researcher Chris Vickery discovered approximately 200 million voter records in an insecure Amazon S3 bucket kept by Deep Root Analytics (DRA).

First and last name, date of birth, phone number, party affiliation, ethnicity, voter registration information, and a flag in case the voter appears on the federal Do-Not-Call registry are all included in the records.

There are more characteristics in the voter files that could have been utilised for analysis based on religion and ethnicity.

Complete voter files that were assembled by DRA and at least two additional contractors, Target Point Consulting Inc. and Data Trust, are included in the collection.

Source: https://securityaffairs.com/60243/data-breach/dra-data-leak.html

TPRM report: https://scoringcyber.rankiteo.com/company/deep-root-analytics

"id": "dee2339251123",
"linkid": "deep-root-analytics",
"type": "Data Leak",
"date": "06/2017",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'customers_affected': 'Approximately 200 million voter '
                                              'records',
                        'industry': 'Data Analytics',
                        'name': 'Deep Root Analytics',
                        'type': 'Organization'}],
 'attack_vector': 'Insecure Cloud Storage',
 'data_breach': {'number_of_records_exposed': 'Approximately 200 million',
                 'personally_identifiable_information': ['First and last name',
                                                         'Date of birth',
                                                         'Phone number',
                                                         'Ethnicity'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['First and last name',
                                              'Date of birth',
                                              'Phone number',
                                              'Party affiliation',
                                              'Ethnicity',
                                              'Voter registration information',
                                              'Do-Not-Call registry flag']},
 'description': 'Researcher Chris Vickery discovered approximately 200 million '
                'voter records in an insecure Amazon S3 bucket kept by Deep '
                'Root Analytics (DRA). The records include first and last '
                'name, date of birth, phone number, party affiliation, '
                'ethnicity, voter registration information, and a flag in case '
                'the voter appears on the federal Do-Not-Call registry. '
                'Additional characteristics in the voter files could have been '
                'utilized for analysis based on religion and ethnicity. The '
                'complete voter files were assembled by DRA and at least two '
                'additional contractors, Target Point Consulting Inc. and Data '
                'Trust.',
 'impact': {'data_compromised': ['First and last name',
                                 'Date of birth',
                                 'Phone number',
                                 'Party affiliation',
                                 'Ethnicity',
                                 'Voter registration information',
                                 'Do-Not-Call registry flag']},
 'title': 'Exposure of 200 Million Voter Records by Deep Root Analytics',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Unsecured Amazon S3 Bucket'}

Deep Root Analytics

Lazarus Naturals

Estes Forwarding Worldwide

Synnovis