Sensitive Voter Data Exposed by App Used in US Elections

Sensitive information about US voters was left exposed due to a data breach by the voter contact and canvassing app Campaign Sidekick, which is used by the Republican party in election campaigns. It has been revealed by the cybersecurity company UpGuard that an unprotected copy of Campaign Sidekick’s app’s code was mistakenly left freely available on its website. The breach has since been secured.

Originating during the 2002 election cycle, Campaign Sidekick has been used to help digitalize election campaigning as part of a wider approach by the Democratic and Republican parties to capture, unify, analyze and act on data about US voters. The Campaign Sidekick app helps collate information from interactions that take place with voters during canvassing.

On February 12 2020, UpGuard found that the git directory on app.campaignsidekick.vote was publicly available online. The files were downloaded and discovered to contain some sensitive data, following which the analyst informed Campaign Sidekick of the breach. Following communication between the two organizations, the breach was secured on February 15 2020.

With extensive data analytics now used in election cycles, it is critical that political parties have the most rigorous cybersecurity techniques and practices in place to protect individuals’ data.

“Organizations need to understand the ease with which attackers can access sensitive data by exploiting vulnerable third parties. Political campaign staffs rely on a broad ecosystem of third parties to help them do business, and it only takes one mistake within a single app to expose sensitive voter data,” commented Kelly White, CEO, RiskRecon.

“Any organization involved in maintaining the integrity of elections – from campaign staffs to party officials to state and local election boards – needs to better understand the security practices of all parties in the data chain of custody and hold those parties accountable.”

There have been several high profile election data breaches in recent years, including leaked emails relating to Hillary Clinton’s campaign to run for Senate.

What’s Hot on Infosecurity Magazine?