What’s the Deal with the Sanders/Clinton Data Breach?

Recent reports about a Democratic National Committee database breach that allowed staff within the Sanders campaign access to Clinton’s proprietary voter data has sparked concern from both leading democratic candidates about data security.

by / December 22, 2015

The 2016 election cycle has been inundated with controversy that extends far past the normal wear and tear of politics and policy — it also has focused on the technological realm arguably more than any election before it. From Hillary Clinton’s personal email scandal to the breach of a voter database by a Bernie Sanders camp staffer, the focus on the digital world has been hard to miss in the headlines.

In mid-December, reports surfaced about a Democratic National Committee (DNC) database breach that allowed staff within the Sanders campaign to access Clinton’s proprietary voter data. The inside look at the competition’s information sparked a short-lived DNC suspension of the Sanders campaign from the database, the firing of the Sanders staffer and concern from both leading democratic candidates about data security.

According to Sanders, problems with the voter database, known as the NGP VAN system, came down to mistakes made by DNC’s third-party vendor. The vendor, Sanders alleged during the Dec. 19 Democratic Debate, “screwed up” and left the systems open to prying eyes on more than one occasion. 

“The DNC has hired vendors, on two occasions there were breaches of information,” he said during the most recent debate. "In this case, our staff did the wrong thing.” 

He said the first time data was exposed, his camp quickly and quietly notified the DNC of the problem. In the most recent incident last week, Sanders said staff did not act appropriately.

The Sanders campaign was suspended from access to its own database in the wake of the Clinton breach, which resulted in the filing of a Dec. 18 lawsuit. In a statement from the DNC, Chair Rep. Debbie Wasserman Schultz said Sanders’ campaign had “inappropriately accessed” data belonging to Clinton's campaign. 

Wasserman also pointed out that the information had been compromised because of a software patch and not a hack on the part of Sanders’ staff.

"Earlier this week, an incident briefly allowed users on the NGP VAN system to inadvertently access some data belonging to other campaigns. During this window, over the course of approximately 45 minutes, staffers of the Bernie Sanders campaign inappropriately accessed voter-targeting data belonging to the Hillary Clinton campaign. At no point were financial information, donor records or volunteer data exposed,” she said. "We consider the security of the NGP VAN system and the integrity of the data it contains a top priority. The error in the VAN software was fixed immediately, and we have been reassured by NGP VAN that the incident did not expose any data to the public or any external entity. This is an isolated incident resulting from a vendor software patch, not a hack, and the users who accessed data were secure users. All VAN data is now secure.”

Sanders’ Campaign Manager Jeff Weaver spoke to the allegations and pointed to the “dangerous incompetence” of the DNC vendor hired to manage the system, which had experienced issues prior to this breach. 

“First, this is not the first time that the vendor hired by the DNC to run the voter file program, NGP VAN, has allowed serious failures to occur. On more than one occasion, they have dropped the firewall between the data of competing Democratic campaigns. That is dangerous incompetence,” he said. “It was our campaign months ago that alerted the DNC to the fact that campaign data was being made available to other campaigns. At that time, our campaign did not run to the media, relying instead on assurances from the vendor that the problem would be resolved. Unfortunately, the other day, the vendor once again dropped the firewall between the campaigns for some data.”

Weaver confirmed that campaign staff had been fired for their role in the breach and said that all information belonging to the Clinton campaign had not been used. 

“That behavior is unacceptable to the Sanders campaign,” Weaver said. “We are now speaking to other staffers who might have been involved and further disciplinary action may be taken. Clearly, while that information was made available to our campaign because of the incompetence of the vendor, it should not have been looked at. Period.”

The campaign manager went on to call the actions taken by the DNC an “inappropriate overreaction” and alleged that some within the leadership were intentionally trying to undermine the grassroots campaign.

“In other words, by their action, the leadership of the Democratic National Committee is now actively attempting to undermine our campaign. This is unacceptable," he said. "Individual leaders of the DNC can support Hillary Clinton in any way they want, but they are not going to sabotage our campaign — one of the strongest grassroots campaigns in modern history."

On Dec. 19, the DNC chair confirmed that the Sanders campaign had complied with requests for information, and that the access to the system had been restored while an investigation is launched.

During the Democratic Debate in New Hampshire Saturday, Sanders apologized to Clinton and called for an independent investigation into the incident. “This is not the type of campaign we run," Sanders said. "And if I find anybody else involved, they will also be fired."

Eyragon Eidam Web Editor

Eyragon Eidam is the Web editor for Government Technology magazine, after previously serving as  assistant news editor and covering such topics as legislation, social media and public safety. He can be reached at eeidam@erepublic.com.