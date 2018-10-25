Data belonging to a Democratic fundraising firm was mistakenly made publicly available, exposing sensitive files that may have been accessed by malicious actors based abroad.

A network-attached storage (NAS) device used by Rice Consulting was misconfigured in a manner that resulted in its contents being exposed online, according to the global cybersecurity firm Hacken, which detailed the discovery in a blog post Wednesday.

Included among the internal publicly available material found by Hacken was information on each of Rice Consulting’s clients, as well as files containing contact information, contracts, meeting notes and employee details, in addition to other data, wrote Bob Diachenko, Hacken’s director of cyber risk research.

The “most significant asset,” Mr. Diachenko wrote, was an unencrypted, publicly available Excel spreadsheet containing log-in credentials and passwords pertaining to various database resources, including NGP, a privately-owned company that provides voting-related services to clients within the Democratic Party.

Access logs also available indicated that the specific NAS device belonging to Rice Consulting was probed multiple times dating back to Feb. 22 from internet addresses associated with countries including Turkey, South Korea and Thailand dating back to Feb. 22, Mr. Diachenko wrote.

“We suppose that NAS information could have been accessed by non-authorized and even malicious actors,” he wrote in the blog post.

Hacken contacted Rice Consulting after becoming aware of the exposed information on Oct. 17, and public access to the NAS device was disabled the following day, the researcher added.

Rice Consulting did not immediately return a message seeking comment.

Based in Bel Air, Maryland, north of Baltimore, Rice Consulting boasts online that the firm “teamed with Democrats across Maryland to raise $4.32 million” in 2017.

“Rice Consulting has had the pleasure of working with the Maryland Democratic Party as well as countless Statewide, General Assembly, County and local elected officials and candidates,” according to their website.

Republicans, meanwhile, recently suffered a similar leak as well. Documents belonging to the Tea Party Patriots Citizens Fund were made publicly available as the result of a misconfigured database, cybersecurity firm Upguard announced last week, in turn exposing material including files involving the 2016 U.S. presidential race.

Hackers breached Democratic targets during the 2016 race and stole material subsequently leaked online as part of a broad interference campaign authorized by the Russian government, U.S. officials previously concluded. Moscow has denied meddling in U.S. elections, notwithstanding the Trump administration accusing Russia, China and Iran of attempting to influence American affairs as recently as last week.





