Election Security Concerns Rise as D.C. Voter Data Gets Exposed

Reading Time: ( Word Count: )

October 7, 2023
Nextdoorsec-course

The Washington D.C. Election Board, known formally as the District of Columbia Board of Elections (DCBOE), is currently investigating an alleged data leak. This incident reportedly involves an undisclosed number of voter records and is claimed by a hacker named RansomedVC.

The DCBOE is a self-governing entity within the District of Columbia Government, responsible for organizing elections, ensuring ballot availability, and managing voter registration.

Early investigations suggest that the data breach originated from the web server of DataNet, which hosts the election authority’s site for Washington, D.C. This means that DCBOE’s core servers and systems were not directly infiltrated.

In a statement, the DCBOE confirmed, “On 10/5, an incident related to cybersecurity concerning D.C. voter records came to our attention. Although investigations are ongoing, we’d like to clarify that our internal databases and servers remain secure.”

Upon detecting the breach’s source, the DCBOE, in conjunction with the MS-ISAC’s Computer Incident Response Team (CIRT), temporarily deactivated its official website, opting for a maintenance page instead.

To address this issue, the election board has been collaborating with cybersecurity specialists, the Federal Bureau of Investigation (FBI), and the Department of Homeland Security (DHS) to conduct an in-depth security evaluation of its internal systems.

Also Read: MGM Resorts Faces $100 Million Blow from Cyber Breach

D.C. Voter Data Gets Exposed

In addition, the DCBOE has launched extensive security scans of its databases, servers, and IT infrastructure to pinpoint possible vulnerabilities that might have been exploited during this breach.

RansomedVC claims to have seized over 600,000 records from U.S. voters, specifically from D.C. They stated, “We’ve successfully accessed the District of Columbia Board Of Elections, obtaining over 600k USA Voter records.”

These purportedly stolen records are now listed for sale on the hacker’s dark web portal, though the selling price remains unknown. As evidence, RansomedVC has released a single record, supposedly showcasing the details of a D.C. voter. This data comprises the person’s name, registration and voter IDs, a fragment of their Social Security number, driving license number, birth date, phone, and email, among other details.

The Washington election board clarified in a statement, “It’s worth noting that certain voter registration details in the District of Columbia, such as names, addresses, voting histories, and party associations, are public. However, this is unless they are specifically marked confidential as per D.C.’s guidelines.”

However, confidential details like contact numbers and Social Security numbers aren’t shared by election boards.

The news of this data leak first reached public knowledge through DataBreaches.net. According to RansomedVC, they intend to sell these records to a solitary buyer.

Amidst these developments, another revelation has emerged. An unnamed insider informed Prior to RansomedVC’s claims the stolen database was allegedly up for sale on hacking forums BreachForums and Sinister.ly by a user dubbed pwncoder, but these posts have since disappeared.

Moreover, while RansomedVC recently proclaimed a breach of Sony’s systems, obtaining over 260GB of data, another hacker named MajorNelson contested these claims. The latter even unveiled a 2.4 GB data file, supposedly sourced from Sony, on BreachForums.

Lucas Maes

Lucas Maes

Author

Cybersecurity guru, encryption wizard, safeguarding data with 10+ yrs of IT defense expertise. Speaker & author on digital protection.

Other interesting articles

Automated vs Manual Penetration Testing

Automated vs Manual Penetration Testing

Pentesting is largely divided into two methodologies: Automated vs Manual Penetration Testing. Both have ...
8 Steps in Penetration Testing You Should Know

8 Steps in Penetration Testing You Should Know

Mastering the art of penetration testing has become a critical ability for security experts to combat cyber ...
Spear Phishing vs Whaling: What is the Difference

Spear Phishing vs Whaling: What is the Difference

Spear phishing is a particularly devious type of phishing assault in which the individual targeted plays a ...
0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *