Political data gathered on more than 198 million US citizens was exposed this month after a marketing firm contracted by the Republican National Committee stored internal documents on a publicly accessible Amazon server.
Not hacked, not stolen, not encrypted. The data was simply open and on a sort of internet backwater part of a site nobody was expected to be able to find. Classic Noob mistake.
Luckily some of my friends are huge nerds and broke it down into the most realistic terms of how it could have happened.
- Incompetent people who set up the list forgot to add security
Nerd Input: No way, anyone who knows how to put together this data and set up an amazon server would be ignorant of the security protocols and exposure risks.
- The Security was Recommended and Turned Down
Geeksplaining: The engineers at the market firm pointed out that the information should be behind certain security measures, and the people in charge turned it down because lots of people were going to have to be able to access it and the security features would be too cumbersome and ungainly to make this possible.
- Not My Circus, Not My Monkeys (Moral Hazard)
Zero Cools Explanation: The engineers straight up did not care about the political implications, and because the work did not mention building a security network they just turned a blind eye and built exactly what the client wanted, no more, no less. Think about a construction project on a house. If a general contractor was building a perfectly usable house on a perfectly nice budget and a tight budget, would they mention extra work that would cost time and money?
This disclosure dwarfs previous breaches of electoral data in Mexico (also discovered by Vickery) and the Philippines by well over 100 million more affected individuals, exposing the personal information of over sixty-one percent of the entire US population.