Security firm UpGuard has found an unsecured data cache belonging to Canadian data analytics firm AggregateIQ, which has alleged links to Cambridge Analytica, a company that has been in the news recently for using Facebook data to help political clients.
The data was found by UpGuard's Cyber Risk director Chris Vickery on 20 March.
In recent days, Facebook has had to battle claims that data breaches led to information about 50 million of its users being siphoned off by Cambridge Analytica, a voter-profiling company that worked on Donald Trump’s election campaign.
In a blog post, UpGuard said the applications and Web assets that had been found were customised for the campaign of Republican Ted Cruz in the 2016 US presidential campaign, Republican Governor Greg Abbott and a number of foreign political figures.
{loadposition sam08}UpGuard said the data it had found "appear to be nothing less than mechanisms capable of organising vast quantities of data about individuals, measuring how they are being influenced or reached by advertising, and even tracking their Internet browsing behaviour".
UpGuard said it would be releasing further reports about this data find which it claimed could be explosive. However, the current disclosure seems to be anything but that.
The firm said that there was evidence within the cache that AggregateIQ had ties to Cambridge Analytica.
UpGuard regularly finds unsecured data caches on the Web. Its last find, however, turned out to be not what was promised: the firm initially claimed that data from financial firm Capital One had been exposed in a cloud-based data storage repository used by business analytics software provider Birst, that had been left unsecured.
But Capital One contested these claims, as did Birst. UpGuard then took down its original post, while it discussed the matter with Capital One. An updated post was then released.
In the past, UpGuard has found data from an insurance firm exposed in an unsecured NAS device. It has also found misconfigured Amazon Web Services S3 buckets leaking data from Paris-based brand marketing company Octoly, California data analytics firm Alteryx, credit repair service National Credit Federation, the NSA, the Pentagon, global corporate consulting and management firm Accenture, publisher Dow Jones, a Chicago voter database, a North Carolina security firm, and a contractor for the US National Republican Committee.