Vermont socialist Sen. Bernie Sanders, left, and former Secretary of State Hillary Clinton, right. (Photo: AP)
The Democratic National Committee has revoked Bernie Sanders’ access to the party’s master voter list after his operative hacked into voter data for Hillary Clinton’s campaign.
The Washington Post reported late Thursday that Sanders’ campaign manager acknowledged a staffer had viewed the information and was subsequently fired. The Post reported that the DNC told the socialist’s campaign that it will not have access to the party’s master list of likely Democratic voters until it provides a further detailed explanation and destroys any copies of Clinton campaign data that it stole.
The DNC rents out the master list to national and state campaigns. Michael Briggs, a spokesman for the Sanders campaign, sought to deflect blame for the hack on a vendor and “low-level” staffer, which in the former’s case is NGP VAN.
“Sadly, the vendor who runs the DNC’s voter file program continues to make serious errors. On more than one occasion, the vendor has dropped the firewall between the data of different Democratic campaigns,” he said in a statement to Fox News. While saying it was “unacceptable” for a campaign staffer to access “some modeling data from another campaign,” he also said they want to work with the DNC and vendor to fix the “software flaws” that could make Sanders’ records vulnerable as well.
Stu Trevelyan, the company’s CEO, told the Post the hack was an “isolated incident that was fairly short in duration. By lunchtime, it was resolved.” The DNC apparently doesn’t trust the campaign’s or the company’s final say, thus will be going forward with an independent review process.
Dandy / December 18, 2015
First off there was no HACK.
The Author: Stu Trevelyan is the CEO of NGP VAN and has spent the last two decades helping causes and campaigns succeed through innovative use of technology. Reach him at stu(at)ngpvan(dot)com.
Updated 3:53 PM EST
Updating with additional information and clarification:
First, a one page-style report containing summary data on a list was saved out of VoteBuilder by one Sanders user. This is what some people have referred to as the “export” from VoteBuilder. As noted below, users were unable to export lists of people.
Second, there has been independent confirmation that NGP VAN has not received previous notice of a data breach regarding NGP VAN.
(at 5:47), and also on CNN, regarding the previous incident: “it wasn’t actually within the VAN VoteBuilder system, it was another system.”
The security and privacy of our customers’ data is a top priority. Over the company’s 19 year history, we’ve not had a problem with that; but on Wednesday, we did have a brief isolated issue for users of one of our products.
First, no NGP data was impacted by this situation, nor any Action ID or FastAction data. No client websites or web site data were impacted, either. For VAN clients, no myMembers, myWorkers, or myCampaigns data was impacted. The one area that was impacted was voter file data. We are confident at this point that no campaigns have access to or have retained any voter file data of any other clients; with one possible exception, one of the presidential campaigns. NGP VAN is providing a thorough report to the DNC on what happened and conducting a review to ensure the integrity of the system.
Here’s what happened.
On Wednesday morning, there was a release of VAN code. Unfortunately, it contained a bug. For a brief window, the voter data that is always searchable across campaigns in VoteBuilder included client scores it should not have, on a specific part of the VAN system. So for voters that a user already had access to, that user was able to search by and view (but not export or save or act on) some attributes that came from another campaign.
As soon as we realized that there was an issue, we immediately mobilized our engineers to investigate the source of the issue. While we investigated the issue, we restricted access to affected areas of the VAN product for all users and limited access to data exports. Engineers quickly discovered the problem, and developed a fix.
We immediately began an audit to determine if any users had intentionally or unintentionally gained access to data they normally would not have access to within the limited timeframe when the bug was live. Our team removed access to the affected data, and determined that only one campaign took actions that could possibly have led to it retaining data to which it should not have had access.
We are honored to work with the DNC, the Clinton campaign, and the Sanders campaign. At the request of the DNC on Thursday, Sanders campaign access was suspended pending the campaign reporting on its access of the data; NGP VAN played no role in making that decision, and contractually could not. Again, this bug was a brief isolated issue, and we are not aware of any previous reports of such data being inappropriately available. We look forward to supporting all our Democratic clients, and in particular apologize to the DNC, Clinton and Sanders campaigns for our bug Wednesday. We will continue to work with and report to the DNC regarding this issue to ensure that this isolated incident does not recur. We have and will do better.
Moving forward, we are adding to our safeguards around these issues. We have thousands of automated tests and extensive code review and release procedures in place to prevent these types of issues, and will add more. If any clients have any questions, feel free to contact me. Again, we are confident that your data is secure, and the security and privacy of your data is a top priority for us.
/