The vulnerable data, according to a BBC report, was discovered by Chris Vickery, a cyber-risk analyst with the security form UpGuard. The huge amount of data appears to have been collected from a wide range of sources, including posts on controversial banned threads on social network Reddit, to committees that raised funds for the Republican Party.
The data was stored in spreadsheets uploaded to a server owned by Deep Root Analytics, a media analytics firm. According to the BBC, it has last been updated in January when President Donald Trump was inaugurated and had been online for an undisclosed period of time.
Alex Lundry, the founder of Deep Root Analytics, told tech website Gizmodo: "We take full responsibility for this situation. Based on the information we have gathered thus far, we do not believe that our systems have been hacked." Lundry added: "Since this event has come to our attention, we have updated the access setting and put protocols in place to prevent further access."
The data included very personal details about US citizens such as their suspected religious background and affiliations, their ethnicity and political stances, such as where they stood on controversial issues like gun control and abortion rights. The file names and directories suggested that the data was supposed to be used by Republican political organizers to create a profile on as many voters as possible by using all available data.
A blog post by Dan O'Sullivan on UpGuard's website reads: "That such an enormous national database could be created and hosted online, missing even the simplest of protections against the data being publicly accessible, is troubling."
O'Sullivan added: "The ability to collect such information and store it insecurely further calls into questions the responsibilities owed by private corporations and political campaigns to those citizens targeted by increasingly high-powered data analytics operations."
The information leak is said to be the largest in the US to date and has caused grave concern among privacy experts because of the sheer scale of the data gathered. Privacy International's policy officer, Frederike Kaltheneur told the BBC: "This is deeply troubling. This is not just sensitive, it's intimate information, prediction about people's behavior, opinions and beliefs that people have never decided to disclose to anyone."