In a study of US and European political parties’ security postures, researchers at the security-monitoring company SecurityScorecard found that while the Democratic National Committee had made “significant investments” in security since being hacked in 2016, the Democrats still lagged behind the Republican National Committee’s defenses. And both parties have problems that could still leak personally identifying information about voters.
According to the report, one major US political party was “programmatically leaking” personal information about voters through a voting validation application “which enumerates voter name, date of birth and address via search terms,” the researchers noted. The vulnerability was disclosed to the party involved and other “appropriate parties.”
SecurityScorecard’s team looked at the DNC, RNC, Green Party, and Libertarian Party in the US. The Green Party had the best overall scores for security measures, while the Libertarian Party had a more laissez-faire approach to information security than the others—with a failing grade for its management of its domain name records, specifically for a total absence of Sender Protection Framework (SPF) records. The lack of SPF records means that it’s more likely Libertarian Party domains could be spoofed in spear-phishing campaigns like those that were used to target the DNC in 2016. The Libertarians did come out ahead on network security scores, however.