Title Democrats plan to keep using company that exposed 593,000 Alaskan voter records
Text A database of approximately 593,000 Alaska voter records has been exposed online.
TargetSmart, the company that owns the data, claims that it was not accessed by anyone other than the security researchers on their team and the team that identified the exposure.
Tom Bonier, the Chief Executive Officer of TargetSmart, confirmed the breach and said in a statement that Equals3, a software company based in Minnesota, “Appears to have failed to secure some of their data and some data they license from TargetSmart.”
“None of the exposed TargetSmart data included any personally-identifiable non-public financial data,” said Bonier.
Equals3 CEO Dan Mallin said, "Yesterday, a security researcher who specifically looks for vulnerabilities like this gained unauthorized access to the records of 20 Alaskans. No other records were accessed by any other individuals and we immediately shut down access to the data."
Mallin said a short while ago that Equals3, "Immediately shut down the server and contacted a third-party security firm to execute an intrusion test."
When asked whether Equals3 would continue working with TargetSmart, Mallin said: "TargetSmart is a valued partner and we worked hand-in-hand to ensure swift resolution."
Bonier spoke about the obligations of third-parties with data: "TargetSmart imposes strict contractual obligations on its clients regarding how TargetSmart data must be stored and secured, and takes these obligations seriously," said Bonier.
Jospehine H. Bahnke, the director of Alaska Division of Elections, says this was not a breach of the Alaska voter registration database: “It was a breach of a private research company’s system which leveraged the public information provided in voter lists with other information it was collecting from other sources. We have not heard from the research folks or anyone on this subject directly. That said, as was reported the site is no longer up, and state resources are investigating the matter,” said Bahnke.
Jay Parmley, the executive director of the Alaska Democratic Party, confirms it has used TargetSmart as a data vendor for “several years” through their affiliation with the Association of State Democratic Chairs.
“We might use them to understand the electorate by purchasing or matching data if you will. It could be a list, it could be a segment of voters, the voter file itself, all the registered voters - It’s pretty much a data enhancement,” said Parmley.
Some of the data TargetSmart matches with the Alaska Democratic Party includes phone numbers and addresses but it can also include household incomes.
Parmley explains the data has to be publicly available through organizations such as the Division of Elections or available in the common market.
Household income is self-reported, often through online surveys that are unrelated to politics, and then sold to companies like TargetSmart, Parmley said.
“That’s why you need to read the fine print, it could be sold by that vendor. They disclose that to you by really small print at the bottom of the page,” Parmley said.
Parmley said he was set to speak to TargetSmart about the breach but the Alaska Democratic Party would “absolutely” work with them again.
“We have had the highest of confidence in their ability and quite frankly in their data integrity and any breach like the one that happened today, would be the first time we’ve seen this happened,” said Parmley.
“We take people’s private information extraordinarily safely,” said Parmley.
Parmley described that the purpose of the data is often to campaign more efficiently by not sending information to people who never vote.
Meanwhile, Josh Walton, the Executive Director of the Alaska Republican Party, says they do not contract with TargetSmart but get their voter information through the Republican National Committee.
Walton says he understands the RNC compiles their information in-house.
KTUU reached out to the security research firm which is believed to have discovered the breach, it has not immediately responded for comment.