Sunday, December 20, 2015

Sanders, Clinton, DNC, Voter Data vendor NGP VAN

Bernie Sanders campaign claims software vendor NGP VAN exposed voter data multiple times


The Democratic National Committee (DNC) has suspended the Bernie Sanders presidential campaign from access to its database of Democratic voter information after a staffer on the Sanders campaign improperly accessed proprietary data belonging to the rival campaign of Hillary Clinton, the Washington Post reported today.
The Sanders campaign announced that it has fired the staffer over the incident. However, the campaign has also gone on the offensive, insisting not only that the software vendor, NGP VAN, was responsible for this incident, but also that it has failed to prevent unauthorized access to campaign data in the past.
NGP VAN manages the master file for the database, which is maintained by the DNC but contains proprietary information on each campaign that is intended to be protected by firewalls. On Wednesday, NGP VAN issued a software patch that "briefly opened a window into proprietary information from other campaigns," the Washington Post reported. 
In a statement on the company's blog, NGP VAN CEO Stu Trevelyan apologized to the Clinton and Sanders campaigns and explained how the data became viewable:
"On Wednesday morning, there was a release of VAN code. Unfortunately, it contained a bug. For a brief window, the voter data that is always searchable across campaigns in VoteBuilder included client scores it should not have, on a specific part of the VAN system. So for voters that a user already had access to, that user was able to search by and view (but not export or save or act on) some attributes that came from another campaign."
The Sanders campaign's national data director, Josh Uretsky, viewed the data and directed three employees to do the same, the Washington Post reported. On Friday, Sanders campaign spokesman Michael Briggs told CNN that accessing the data was "unacceptable" and confirmed that Uretsky had been fired.
However, Briggs put equal blame on NGP VAN, accusing the software vendor of repeatedly failing to protect the voter data.
"Our campaign months ago alerted the DNC to the fact that campaign data was being made available to other campaigns. At that time our campaign did not run to the media, relying instead on assurances from the vendor," Briggs said, according to CNN.
"Unfortunately, yesterday, the vendor once again dropped the firewall between the campaigns for some data," he added. "After discussion with the DNC it became clear that one of our staffers accessed some modeling data from another campaign."
In a separate interview with CNN, Uretsky also claimed NGP VAN's firewalls had failed in the past.
"This wasn't the first time we identified a bad breach," he said, confirming to CNN that the Sanders campaign reported another breach to the DNC in October. "We reported it to them. They thanked us for reporting it and they told us the breach had been closed."
"In retrospect, I got a little panicky because our data was totally exposed, too," Uretsky said about the previous breach, according to CNN. "We had to have an assessment, and understand of how broad the exposure was and I had to document it so that I could try to calm down and think about what actually happened so that I could figure out how to protect our stuff."
Uretsky insists that he never accessed any data on the Clinton campaign, telling CNN that he and his staff were actually trying to "understand how badly the Sanders campaign's data was exposed."
"To the best of my knowledge, nobody took anything that would have given the (Sanders) campaign any benefit," Uretsky told CNN. 
Uretsky says that after his team investigated the breach, they immediately reported it to the rest of the campaign, according to CNN. He insists that he planned to report the breach to the DNC, but that the DNC had learned of it before he could contact them, presumably from NGP VAN.
Regardless, Uretsky still took "full responsibility" in his statements to CNN, and his time with the campaign is over. The Sanders campaign, meanwhile, will remain suspended from accessing the DNC database's voter information indefinitely, "until it provides an explanation as well as assurances that all Clinton data has been destroyed," according to the Washington Post.

Found this article by Colin Neagle on Network World