The Democratic National Committee has suspended Bernie Sanders’ access to the party’s 50-state voter file in response to a software glitch that allowed the Sanders campaign to access Hillary Clinton’s internal voter data.
The DNC move effectively freezes Sanders' field organizing program six weeks from the first caucuses and primaries.
The breach occurred on Wednesday, a DNC official confirmed, through the NGP VAN, the leading technology company that allows campaigns to identify voters, as well as monitor their preferences and leanings, in what’s called the 50-state voter file. For a “brief window" — about 30 minutes, an official said — a bug in the software exposed the campaigns' internal “voter ID” data.
During that period, the Sanders campaign discovered the breach, accessed the Clinton campaign’s data, then called the vendor to point out the flaw, according to the official. The DNC has since cut off Sanders’ access to the voter file — until his campaign officials can “prove” they’ve deleted the Clinton data.
“The DNC places a high priority on maintaining the security of our system and protecting the data on it,” said the committee’s communications director, Luis Miranda. “We are working with our campaigns and the vendor to have full clarity on the extent of the breach, ensure that this isolated incident does not happen again, and to enable our campaigns to continue engaging voters on the issues that matter most to them and their families."
The period in which proprietary voter file data was available to all campaigns did not affect the overall integrity of the data itself, according to the DNC. No private data was leaked outside the NGP system. The DNC official also stressed that the breach was the fault of the vendor NGP VAN, not the DNC. Still, the DNC is ultimately considered responsible for the security of the NGP VAN.
The Sanders campaign also laid the blame on NGP VAN.
"Sadly, the vendor who runs the DNC's voter file program continues to make serious errors," Michael Briggs, Sanders' top communications aide, told BuzzFeed News.
Sanders fired one of four aides who accessed the Clinton data: national data director Josh Uretsky. Later, the campaign suspended two other aides.
Briggs also said on Thursday that on "more than one occasion," the vendor had "dropped the firewall between the data of different Democratic campaigns." At the time of the prior incident, Briggs said, the campaign alerted the DNC to the error. On Friday, however, Uretsky said on MSNBC and CNN that the prior breach cited by Briggs actually hadn't occurred within NGP VAN. "It was another system," he said.
The incident could pose a devastating setback for Sanders so close to the start of the Democratic primary: Until access is restored to the NGP VAN, the candidate’s organizers will have to perform the basic functions of the field program — phone banks, voter contact, visibility — without an electronic system centralizing their efforts.
"After discussion with the DNC, it became clear that one of our staffers accessed some modeling data from another campaign," Briggs said. "That behavior is unacceptable, and that staffer was immediately fired."
Miranda said that the party has directed the NGP VAN to “conduct a thorough analysis to identify any users who accessed the data, what actions they took in the system, and to report on the findings to the Party and any affected campaign.”
The organization will also begin a review process with every Democratic campaign and NGP VAN user, said Miranda, to “ensure they understand and abide by the rules governing the use of the system.”