During the Super Tuesday primaries this year, while everyone was focused on the latest results, someone quietly leaked the names, home addresses, and contact information for every GOP delegate in a western state. The list was up for a day or two, and then went away, with no one in the media the wiser.
As the Republican National Convention gets underway, we are keeping a close eye on the appearance of new and politically relevant data. The leak of delegates during the primaries is a single data point in a long election cycle of data breaches and political leaks. Donald Trump was doxxed, and server information for his properties was exposed. A list reported to be his email contacts showed up online with names, positions, and contact information. The now infamous DNC breach resulted in a series of document leaks, with more appearing every week. What’s next?
These are only a small portion of the political PII that appears on the dark web day to day. Admittedly we’re seeing more as the election approaches - and we expect to see at least one more big leak sometime during the conventions, with another appearing as we head into election day. These election leaks are not outliers, however. We regularly see dumps of state and local government officials, the staff of a senator or interns of a congresswoman, or perhaps a detailed list of family members for an unpopular governor.
The politicians are exposed. The delegates are exposed. And, more pressingly, the voters are exposed.
Voting databases have also been in the news over the last several months, as one country or state after another faces issues with misconfigured databases or exploited voter lists - not the least of which is the 191 million records exposed at the end of 2015. These voting databases contain detailed personal information, voting history, and party affiliations, along with voter ID numbers. Voting databases aren’t the only source of exposure. Right now, there’s a full state’s Driver’s License database for sale on one of the major dark web markets, providing all of the same information accessible through a voter database.
Around the world and at a convention center in Ohio, all eyes are on the candidates. In the next few days we should have a final answer on the Republican nominee. The real question is, who’s watching their data?