This story has been updated.
For forty minutes on Wednesday (Dec. 16), a few staffers working on Bernie Sanders’ campaign accidentally stumbled onto a presidential campaign cheat code: A software glitch revealed information about people Hillary Clinton’s team expects to vote in the presidential primaries, and which candidate they are expected to support.
The consequences of the glitch—which originated with Democratic campaign vendor NGP-VAN—could prove devastating to Sanders.
The Democratic party has locked his campaign out of its central voter database until it can figure out exactly what happened, which could hamstring Sanders’ efforts to identify voters and get them to the polls when voting starts early next year. The Iowa caucuses, which kick off voting for the Democratic and Republican nominees, are less than seven weeks away.
“It became clear that one of our staffers accessed some modeling data from another campaign,” Sanders’ campaign spokesperson told the New York Times. “That behavior is unacceptable and that staffer was immediately fired.”
The Sanders campaign is protesting the DNC’s decision to ban it from the database, promising to take the party to federal court today if it fails to reconsider the decision, with the campaign’s manager, Jeff Weaver, suggesting that party officials are trying to aid Clinton’s campaign. He also said he believed some of his campaign’s data was accessed during the breach.
Accounts associated with two Sanders staffers reportedly accessed the Clinton data, officials for the Democratic National Committee told Quartz. The fired employee is Josh Uretsky, an experienced manager of voter databases who was hired to run the campaign’s data operation in September.
“We investigated it for a short period of time to see the scope of the Sanders campaign’s exposure and then the breach was shut down, presumably by the vendor,” Uretsky told CNN. “We did not gain any material benefit.”
Bloomberg’s Jennifer Epstein reported, however, that the campaign created at least 24 lists from the Clinton data and saved them in personal folders, including information about groups of Clinton supporters in Iowa and New Hampshire.
The information accessed by the Sanders campaign is the lifeblood of modern political campaigns. Both major parties in the US maintain a national voter database that enables campaigns to find voters, persuade them with targeted messages, and eventually bring them to the polls on election day.
The files require constant maintenance by campaigns as voters move, pass on or shift their allegiances. Each day, campaign organizers knock on doors or make phone calls to prospective voters, returning to enter the information into the database for campaign strategists to consider.
Local and state campaigns can rent the lists and contribute data they gather to the party’s overall effort. But primary battles introduce a set of skewed incentives and a more complicated system, where rival campaigns renting the data also rely on internal firewalls to keep one campaign’s modifications from being seen by another. Once a nominee is selected, the data is rolled back together into a single database.
Among Democrats, the primary vendor for this kind of work is NGP-VAN, a company that grew from the merger of the top voter database firm (Voter Activation Network) and the most popular company that operated online donation systems (NGP software).
The company’s president, Stu Trevelyan, told reporters that the glitch that made Clinton’s campaign data visible occurred during a routine update to the software, and an audit is underway. He said that Sanders’ staff would not have been able to save or export any data they saw.
The Democrats are seen to have an edge in campaign technology over the Republicans—personified in Clinton’s own extensive internal tech-team and venture capital-backed main software vendor—but this snafu is a reminder of the dangers in complacency. The Republican voter list is managed by two companies—the GOP Data Trust and i360—and shared with the Republican National Committee, which has provided it free of charge to all Republican campaigns. There have been no reports of GOP data breaches so far.
For now, Sanders’ data team will need to scramble to come up with an alternate system to keep their volunteers and staff at work. Ironically—and perhaps a positive sign for Sanders if his campaign remains blocked from Democratic data—is that the leading national contender for the Republican party, Donald Trump, has not yet bothered to obtain access to a voter database.