Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
A Republican National Committee contractor's data breach that led to the exposure of 198 million voter files highlights the third-party vendor data security risks faced by companies and organizations, the company that discovered the breach told Bloomberg BNA June 19.
The data breach, first discovered by UpGuard Inc., compromised a repository of the personal details and political stances of 198 million U.S. citizens, the company said in a statement. The voter information data breach was due to “a misconfigured database owned by a third-party vendor hired by the RNC,” it said.
The contractor data breach serves as a reminder to businesses of the cybersecurity risks posed by third-party vendors, which more companies are relying upon to protect information as they move their data to cloud storage.
Mike Baukes, CEO of UpGuard, told Bloomberg BNA June 19 that the exposure of the voter data is “another example of third-party risk becoming problematic.” He said such breaches are preventable and often caused by “human error.”
Although the matter was “quickly resolved,” the data was exposed for “10-14 days,” and it is difficult to determine whether other groups or cybercriminals had access to the data during that time, Baukes said.
The third-party vendor involved in the breach, Deep Root Analytics, said in a June 19 statement that it is aware of the breach and accepts “full responsibility.” Changes to the company's security protocols June 1 led to the voter-data access, it said. The company has since updated its security settings.
The contractor breach is one in a string of breaches over the past few years that have been connected with the data security of a third-party vendor.
For example, the Target Corp. breach that exposed as many as 60 million customers’ payment card data during the 2013 winter holiday shopping season has been attributed to a third-party vendor’s weak data security measures. More recently, the hack that led to the theft of Netflix Inc.'s ‘Orange is the New Black’ before its scheduled release date was attributed to a breach at Larson Studios, a post-production company.
John Suit, chief technology officer and cybersecurity professional at encryption solutions company Trivalent, told Bloomberg BNA June 19 in an email that the breach is “another example of data protection” not reaching needed levels in a growing online world. Companies must be cognizant of risks “posed by employees, vendors, contractors and partners, or next generation threats like ransomware,” he said.
A RNC spokesman told Bloomberg BNA that it “has halted any further work with the company pending the conclusion of their investigation into security procedures.” The RNC requires its third-party vendors to take “the security of voter information very seriously,” the spokesman said.
(The story has been corrected throughout to show that the data breach affected databases maintained by a third-party contractor, not to a RNC database.)
To contact the reporter on this story: Daniel R. Stoller in Washington at dStoller@bna.com
To contact the editor responsible for this story: Donald Aplin at firstname.lastname@example.org
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)