Last month the news broke that personal information for almost 200 million people in the United States was inadvertently exposed to the public. This exposure wasn't the result of a hacked database. Rather, it occurred because the account housing the information had not been password protected!
Joe Uchill of The Hill reports that the data was the responsibility of Deep Root Analytics, a contractor working for the Republican National Committee (RNC). The database contained voter information for Republican, Democrat, and independent voters and included names, addresses, and voting histories, as well as voters' stance on a number of different political issues. The exposed data represented more than half of the American population. The database was believed to have been left unsecured for two weeks and exposed over 25TB of data. The error was found by a security firm researcher who notified officials. The data has since been secured.
Supporting Web Links
- A Republican contractor’s database of nearly every voter was left exposed on the Internet for 12 days, researcher says
- Database Leak Exposes Millions of Car VINs, Puts Customer Security at Risk
- Target's data breach settlement sets a low bar for industry security standards
- Wetherspoons just deleted its entire customer email database – on purpose
- GDPR: What it is, and what it means for you
- GDPR: EU Goes Against The Global Grain To Protect Privacy
- This article provides an opportunity for a lively discussion about privacy and security. Prior to discussing the article ask the class how safe they believe their personal data is. Then ask them about their voting record and how secure they believe that information is.
- Divide the class into small groups. Ask each group to locate a recent news article about a data breach or other example of leaked confidential information. Groups should create a presentation or report to share their findings with the class.
- As an individual project, ask students to research privacy and security issues as they pertain to databases and create a list of best practices that should be used to keep databases secure.