The District of Columbia Board of Elections (DCBOE) is investigating a potential breach of the entire voter roll after a threat actor targeted a web server operated by DataNet Systems in early October.
The breach may have exposed personally identifiable information (PII) of all registered voters, including driver’s license numbers, dates of birth, partial Social Security numbers, and contact information. While the exact extent of the breach is unknown, the DCBOE is acting cautiously and has engaged Mandiant, a cybersecurity consulting firm, to assist with the next steps. The board plans to reach out to all registered voters to address the situation.
The incident came to light on October 5, 2023, when the DCBOE discovered a breach involving a threat actor known as RansomedVC, which claimed to have stolen 600,000 lines of U.S. voter data, including D.C. voter records. The DCBOE collaborated with MS-ISAC’s Computer Incident Response Team to respond, taking down its website upon identifying it as the source of the breach. Investigations revealed that the attackers accessed the information through the web server of DataNet, the hosting provider for Washington D.C.’s election authority, rather than by directly compromising DCBOE databases or servers.
An anonymous source revealed that the stolen database was initially offered for sale on hacking forums by a user named pwncoder, and that RansomedVC is not the only threat actor selling the data. The authenticity of the data claims is yet to be confirmed, raising concerns about the security of voter information. The DCBOE is working with external security experts, the FBI, and the Department of Homeland Security to investigate the extent of the breach and secure voter data and systems.