If You Live In the US, Your Vote Is Being Hacked

Politicians, their staff, and those organizations that support their campaigning efforts should be among the last people to get their hands on American data. This, if nothing else, should be your takeaway from the most recent chapter of the 2016 presidential election. No matter who you’re voting for (full disclosure: I’m a registered Democrat, leaning towards Bernie Sanders (no relation)), our aspirant leaders don’t appear to know how computers work in general or how information security works specifically, and the companies they work with are really, really good at losing your information.

Let’s start with a story from a few weeks ago: Hillary Clinton accusing Bernie Sanders of “hacking” her campaign. I’m sure you’ve all read this story by now and formed your own opinion, so I’ll not dwell on it too long. Briefly, both the Clinton and Sanders campaigns have access to a shared database of voter information run by the DNC and provided by a company called NGP VAN. While both sides get the same basic data, the Clinton campaign may know some things about you that the Sanders campaign doesn’t, and vice versa. It is these little differences in voter data that may provide one side or the other with some fundraising advantage. This additional data is jealously guarded. However, NGP VAN is not great at maintaining its software–a bug allowed staffers from the Bernie Sanders campaign to have a look at some of Clinton’s confidential data. The Clinton campaign blew its collective top, the DNC overreacted, lawsuits were filed, etc. etc. ad nauseam.

The staffer responsible for looking at this data, one Jason Uretsky, said that he was only trying to determine the extent of the breach before filing a bug report. Although he has since been let go, in a sane world different from the one we inhabit, he would have been believed. That’s because of an important concept in bug reporting, known as “reproducibility.”

Remember how 90% of bugs can be solved by closing whatever program you’re working on, turning off the computer, and turning it on again? Sometimes programs have random hiccups that don’t indicate systemic problems. Sometimes they do. In order for software developers to understand what’s going on with a bug, and how to fix it, they need to see it reproduced several times and under several conditions. So, if a bug in your campaign software lets you look at opposition data, and you’re trying to write up a decent bug report, you’re going to want to see how to trigger that bug again.

Thus, when Uretsky was looking at Clinton’s data, looking at it again, saving lists, and so on, that may have looked to an untutored or opportunistic observer as though he was stealing data from the Clinton campaign. Again, I’m a Bernie supporter, so take this viewpoint with a grain of salt, but it looks like Clinton took a typical IT-support molehill and turned it into a mountain.

As I’ve said before, and will say again (and again, and again), producing a crappy product is not the same as getting hacked. If you produce a software product with a bug, and someone finds that bug, blaming the person who finds the bug is an awful, disingenuous thing to do, and you deserve whatever karmic justice the internet metes out. And, by the way, companies like NGP VAN make terrible products.

Just two days ago as of this writing, a massive database, comprising nearly 200 million voter records, was found leaked on the internet. People are going to try to tell you that this data breach isn’t necessarily bad, but it is. It’s really, really bad.

The reason why people are going to try to mitigate the significance of this data breach is because, technically, if you’ve ever voted, your voter information is publicly available somewhere. However, the difference between “publicly available” and “easily available” is comically large. Some states only allow voter information to be seen by residents of that state. Other states don’t store voter information in centralized databases, so you need to call offices at the town or county level in order to get at it. The relative difficulty of accessing voter records is the reason why companies such as NGP VAN exist in the first place. They’ve taken over the task of aggregating voter information–thus, only a company such as NGP VAN could be the source of this breach in the first place.

While this breach only happened recently, the story is already fading from the media, because everyone who would have reported more thoroughly is presumably still digesting their Christmas dinner. It is, nonetheless, a major event. The bug that affected the Clinton campaign took place during a more favorable point in the news cycle, but its ramifications were a pip-squeak by comparison. If nothing else, this proves that as we move into the new year, politicians and their enablers have no idea how to protect your data, and they have no interest in learning how to apportion blame.

Andrew Sanders

Andrew is a writer and editor based out of New England. He specializes in technology and information security.
