The District of Columbia Board of Elections (DCBOE) is actively investigating a potential data leak involving voter records following claims by a threat actor known as RansomedVC. The breach is said to have occurred through the web server of DataNet, the hosting provider for Washington D.C.’s election authority.
Notably, DCBOE stated that the breach did not involve a direct compromise of its internal databases and servers. Instead, it appears that the attackers gained access to voter records via the hosting provider’s infrastructure.
Once it identified the breach’s source, DCBOE took down its website and replaced it with a maintenance page to contain the situation. The election board then engaged data security experts, the Federal Bureau of Investigation (FBI), and the Department of Homeland Security (DHS) to conduct a comprehensive security assessment of its internal systems.
Additionally, vulnerability scans were initiated across DCBOE’s database, server, and IT networks to identify any potential security weaknesses that might have facilitated the attackers’ access to the stolen information.
RansomedVC, the threat actor behind the breach, claims to have stolen over 600,000 lines of U.S. voter data, which includes records of D.C. voters. The stolen data is currently being offered for sale on the dark web, although the exact price remains undisclosed.
To demonstrate the authenticity of the data, RansomedVC provided a single record containing personal details of a Washington D.C. voter, such as their name, registration ID, voter ID, partial Social Security number, driver’s license number, date of birth, phone number, and email. DCBOE clarified that while some voter registration data in the District of Columbia is public information, confidential details such as voters’ contact information and Social Security numbers are not accessible through election authorities.