The voter records of more than 198 million Americans have been compromised in what some security experts are calling “the largest known data exposure of its kind.”

Deep Root Analytics, a data firm working for the Republican National Committee, had stored 1.1 terabytes of voter data on a publicly accessible server with no form of encryption or other security. Chris Vickery, a risk analyst at cybersecurity firm UpGuard Inc., discovered the insecure data on an Amazon Web Services S3 bucket, which was reportedly accessible to anyone with an Internet connection.

According to UpGuard, the voter data included multiple pieces of personally identifiable information for “potentially near all of America’s 200 million registered voters.” This data included names, dates of birth, home addresses and phone numbers, as well as “modeled” voter information that predicted their ethnicity and religion. The data also included some more unusual files, such as a large repository of Reddit posts converted to text files.

UpGuard said it informed Deep Root of the insecure data immediately after discovering it last week, and the server has since been secured, but UpGuard did not say whether the data could have already been accessed by other organizations.

Deep Root co-founder Alex Lundry confirmed the breach in a statement, but he downplayed the significance of the information found on the server.

“The data that was accessed was, to the best of our knowledge proprietary information as well as voter data that is publicly available and readily provided by state government offices,” Lundry said. “Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access. We take full responsibility for this situation.”

He added that the company is conducting an internal review with the help of cybersecurity firm Stroz Friedberg to do an investigation. “Through this process, which is currently underway, we have learned that access was gained through a recent change in access settings since June 1,” he said. “Based on the information we have gathered thus far, we do not believe that our systems have been hacked.”

According to Lundry, the voter modeling information that was also contained on the server was used to “enhance advertiser understanding of TV viewership.” Given Deep Root’s involvement with the GOP, this likely means that the voter data was used to tailor political ads to specific markets. This demonstrates the Republican party’s investment in big data for the purposes of campaigning, which according to UpGuard involved more than $100 million in the 2016 presidential election.

Photo: Visual Content Data Security via photopin (license)