DNC Data Breach: What Happened and What It Means for Bernie Sanders' Campaign
A Sanders campaign staffer was fired for accessing Clinton campaign data.
— -- A Bernie Sanders campaign staffer was fired on Wednesday after allegedly accessing data from the Hillary Clinton campaign, and it has created quite a problem for the Sanders campaign.
The Democratic National Committee had earlier suspended the Sanders campaign's access to its voter data. ABC News had learned that the Sanders campaign filed a lawsuit Friday with the US District Court of DC against the Party - suing the DNC for “breach of contract."
However, Michael Briggs, a spokesperson for the Sanders campaign, later told ABC News Friday: "It's resolved. DNC capitulated. We get to see voter files by Saturday morning."
The resolution to the issue was also confirmed by the Democratic National Committee in a statement:
“The Sanders campaign has now complied with the DNC’s request to provide the information that we have requested of them. Based on this information, we are restoring the Sanders campaign’s access to the voter file, but will continue to investigate to ensure that the data that was inappropriately accessed has been deleted and is no longer in possession of the Sanders campaign. The Sanders campaign has agreed to fully cooperate with the continuing DNC investigation of this breach.”
Sanders campaign officials defended themselves during a news conference Friday, saying they are running a "clean" campaign and that they in fact "alerted" the DNC two months ago that campaign data was available to others.
The campaign emphasized that this is not the first time the technology company "allows" serious "failures" to happen, and that Sanders' campaign no longer has any of the Clinton campaign’s data.
Documents obtained by ABC News show at least four individual Sanders staffers accessed Clinton voter data during a security glitch and saved the data.
The situation has turned into a he-said-she-said debate of what happened, but here’s a breakdown of the latest on the DNC voter database breach:
What Kind of Information Was Accessed by the Sanders Staffer and How:
The technology company, NGP VAN, gets voter information from “public voter registration data," according to a current user of the database who is not related to the investigation, does not work for the DNC or either campaigns.
NGP VAN purchases that information from state election boards or secretary of state offices. The DNC hires NGP VAN, and the "DNC then goes into a contractual agreement to make the database available to democratic campaigns,” the user told ABC News.
In the database provided by the DNC, all campaigns have access to basic voter ID information: name, phone number and address of a Democratic voter.
Each campaign uses that information to contact voters and collect their own details like the voter's support level for a candidate, how persuadable the voter is, and specific issues the voter is interested in. So the Sanders and Clinton camps could have two different voter profiles for the same voter.
In this instance, the Sanders campaign could have seen what information the other campaign might have collected on someone -- potentially valuable information for a rival campaign.
If the Clinton campaign has marked someone as a surefire Clinton supporter, then the Sanders campaign wouldn’t bother with that voter. But if the Clinton campaign marked them as "on the fence” and interested in “college tuition,” for example, or a Sanders donor, then the Sanders campaign would want to try really hard to get that person to the polls.
What the Sanders Campaign Is Saying
In a news conference outside Sanders' campaign headquarters Friday in Washington, D.C., Jeff Weaver, Sanders’ campaign manager, blamed the incident on the DNC and the software vendor used by the DNC.
"Two months ago, shortly after our digital vendor that conducts modelling for our campaign told us that there was a failure in the firewall that prevents campaigns from seeing one another's data. We contacted the DNC and told them about this failure," Weaver said Friday.
It was "dangerous incompetence, and it was our campaign that alerted them that the campaign data was being made available to other campaigns," Weaver said.
Weaver also acknowledged that more than one staffer may be involved: “It was clear that some of the staffers irresponsibly accessed some of the data from another campaign, and that behavior is unacceptable to the Sanders’ campaign.”
“We do not have any of their data, and we do not want their data. We are running a clean campaign, and we are going to beat Secretary Clinton and the campaign on the issues,” Weaver said. “We don’t need dirty tricks. That’s not how we run it.”
Weaver also called the DNC's suspension of the campaign's access to the voter data "unacceptable" and implied the organization was trying to sabotage the Vermont senator's campaign.
What the Sanders Staffer Is Saying
ABC News spoke to Josh Uretsky, the Sanders campaign staffer who was fired after viewing Clinton campaign data.
Uretsky said he was trying to investigate the data issue, to see what information was vulnerable on their end, so he could adequately report it to the software company. He said his team did not export any data. He said he intentionally left a record of what he was doing in the system and did not try to hide his actions.
“The breach was in no way our fault. I saw it and attempted to investigate and attempted to do it in a transparent manner,” he said. “To my knowledge, we did not take anything out of the system it was in and did not gain anything out of it. We saw a security breach and we tried to assess it and understand it.”
When asked why he did not simply raise his hand immediately and poked around in the system at all, he emphasized he was intentionally being "transparent."
"You see something, you investigate it first. ... I knew full well that I was creating a record that the administrators could see," Uretsky said.
Uretsky said he had been with the campaign for three months.
What the DNC Is Saying
"Once the DNC became aware that the Sanders campaign had inappropriately and systematically accessed Clinton campaign data, and in doing so violated the agreement that all the presidential campaigns have signed with the DNC, as the agreement provides, we directed NGP VAN to suspend the Sanders campaign's access to the system until the DNC is provided with a full accounting of whether or not this information was used and the way in which it was disposed. I have personally reached out to Senator Sanders to make sure that he is aware of the situation. When we receive this report from the Sanders campaign, we will make a determination on re-enabling the campaign's access to the system," DNC Chairwoman Debbie Wasserman Schultz said in a statement Friday.
"Upon being made aware of the situation, the DNC immediately directed NGP VAN to conduct a thorough analysis to identify any users who may have accessed data inappropriately and pinpoint exactly what actions any such users took in the system, and to report these findings to the DNC," the statement read.
Wasserman Schultz, D-Florida, said Friday she was troubled by the Sanders campaign taking advantage of the software glitch to access the Clinton campaign’s voter data.
“It was a temporary glitch through a software patch that opened this window. The troubling thing is that one campaign took advantage of the opening of that window, and accessed the information of the other,” she said in an interview off the House floor.
“We want to make sure we’re not just taking our vendor’s word for it or the Sanders’ campaign,” she said.
Wasserman Schultz said she has confidence in the integrity of the DNC’s data system after the episode.
Wasserman Schultz also told MSNBC on Friday that the “Sanders campaign not only viewed the Clinton campaign's proprietary data, but from what we're being told, downloaded it, exported it and downloaded it. We have a variety of back-and-forth."
What DNC and NGP VAN Critics Are Saying
A former senior Democratic Party staffer who works specifically in data and tech told ABC News: “The data breach was 100 percent NGP VAN ’s fault” and argued that the Sanders campaign “has a strong leg to stand on” in arguing that their access to the main voter files be reinstated.
“I’d be saying, ‘your vendor made a mistake, your tool was broken, don’t blame us,’” the former senior party staffer said.
A petition on moveon.org, which has gathered over 100,000 signatures, is demanding that Wasserman Schultz reinstate Sanders’s access to the voter file.
What NGP VAN Is Saying
Stu Trevelyan, CEO of NGP VAN, said in the company’s 19-year history, they have not had a problem with security and privacy of their customers’ data as it is their "top priority."
“The one area that was impacted was voter file data," Trevelyan said in a statement obtained by ABC News. "We are confident at this point that no campaigns have access to or have retained any voter file data of any other clients; with one possible exception, one of the presidential campaigns. NGP VAN is providing a thorough report to the DNC on what happened and conducting a review to ensure the integrity of the system."
"We immediately began an audit to determine if any users had intentionally or unintentionally gained access to data they normally would not have access to. And determined that only one campaign took actions that could possibly have led to it retaining data to which it should not have had access," Trevelyan said.
At the request of the DNC on Thursday, Sanders campaign access was suspended, the company said, emphasizing that the company played no role in making that decision, and "contractually" could not.
What the Clinton Campaign Is Saying
“We were informed that our proprietary data was breached by Sanders campaign staff in 25 searches by four different accounts and that this data was saved into the Sanders' campaign account. We are asking that the Sanders campaign and the DNC work expeditiously to ensure that our data is not in the Sanders campaign's account and that the Sanders campaign only have access to their own data," Hillary for America National Press Secretary Brian Fallon said in a statement Friday.
How It Could Affect the Sanders Campaign
Had the DNC's suspension of the Sanders campaign's party voter data continued -- the presidential hopeful’s field organizing and campaigning efforts could have been affected six weeks before the first primary votes are cast in the Iowa caucuses.
What Happens Now
The DNC has ordered NGP VAN -- the technology company -- to conduct an audit.
"The DNC has directed NGP VAN to begin a review process of their internal procedures to identify how this mistake was allowed to happen and prevent further such mistakes. In addition to this full and complete internal audit which we have instructed NGP VAN to conduct, we are also beginning the process of securing an independent audit by a data security firm of the company’s procedures.
ABC News' Benjamin Siegel, Josh Haskell and Liz Kreutz contributed to this report.
Get real-time updates as this story unfolds. To start, just "star" this story in ABC News' phone app. Download ABC News for iPhone here or ABC News for Android here.
Related Stories
ABC News Live