Voter Records for 2 Million Iowans Exposed on GOP SiteThe data included names,

1. Voter Records for 2 Million Iowans Exposed on GOP Site
2. The data included names, phone numbers and voting records
3. By RYAN KNUTSON
4. Feb. 4, 2016 11:16 a.m. ET
5. 3 COMMENTS
6. A security gap on the website of the Republican Party of Iowa left exposed personal information on roughly 2 million people, including names, phone numbers and voting records.
7.  
8. The database, which was removed from IowaGOP.org after an inquiry by The Wall Street Journal, included information on Republicans, Democrats and independents that are registered to vote in the state. The records include birth dates, addresses and party affiliations.
9.  
10. The voting records don’t say who a person voted for, just whether or not they voted. It includes presidential primary and general election records, as well as state, local and school board elections dating back decades.
11.  
12. The database, which is a collection of public records, can be purchased from the Iowa Secretary of State, typically for $1,500 to $1,800. Buyers must promise to only use the information for political purposes.
13.  
14. Kevin Hall, a spokesman for the Iowa Secretary of State, said the posting was clearly accidental. “It is a violation of the law for the list to be used for something other than political purpose or bona fide political research, but that doesn’t appear that’s what [the Republican Party of Iowa] was doing,” he said.
15.  
16. The Iowa GOP didn’t immediately respond to a request for comment Thursday.
17.  
18. The database appears to have been used for a feature on the website that allowed Iowans to look up their closest caucus location. The underlying database could be found by looking at the source code for that Web page, a task anyone can do with a Web browser.
19.  
20. Neill Feather, president of SiteLock, which sells security services for websites, said the information would be “fairly easy to find” for anyone looking for it, especially since the website is relatively high profile.
21.  
22. “We see this type of issue occur quite a bit when websites are created quickly,” he said, when told of how the database was found. “Or with less experienced personnel who do not understand security best practices.”
23.  
24. The exposed data was discovered by an Iowa caucus goer who was looking for a list of caucus locations to visit on the Iowa GOP website, and alerted the Journal of the unencrypted database.
25.  
26. Write to Ryan Knutson at ryan.knutson@wsj.com