Connect with us

Hi, what are you looking for?


Data Breaches

DC Board of Elections Discloses Data Breach

The District of Columbia Board of Elections says voter records were compromised in a data breach at hosting provider DataNet.

The District of Columbia Board of Elections (DCBOE) on Friday confirmed that voter records were compromised in a data breach at a third-party services provider.

An independent agency of the District of Columbia Government, the DCBOE is responsible for the administration of ballot access, elections, and voter registration.

“On 10/5, DCBOE became aware of a cybersecurity incident involving DC voter records. While the incident remains under investigation, DCBOE’s internal databases and servers were not compromised,” the agency announced on Friday.

According to DCBOE’s official statement, the data breach occurred at DataNet, which provides website hosting services to the agency.

The incident came to light after a relatively new ransomware group named RansomedVC claimed to have breached DCBOE’s systems, exfiltrating more than 600,000 lines of US voter records.

The stolen information, DataBreaches reports, includes names, driver’s license numbers, phone numbers, birth dates, addresses, email addresses, partial Social Security numbers, voter IDs, registration dates, political party affiliation, and polling place.

Most of the compromised information, DCBOE notes in its official statement, is typically public, except for cases where “it has been made confidential in accordance with District of Columbia rules and regulations”. By law, this information can be easily obtained from DCBOE upon request.

The agency also says that, after learning of the data breach, it immediately launched an investigation, with assistance from data security and federal government partners, including MS-ISAC, the FBI, DHS, and OCTO.

Advertisement. Scroll to continue reading.

DCBOE also took down its website, replacing it with a maintenance page, and conducted vulnerability scans on its database, server, and IT networks.

“DCBOE continues to assess the full extent of the breach, identify vulnerabilities, and take appropriate measures to secure voter data and systems,” the agency notes, promising additional information as it becomes available.

RansomedVC says it plans to sell the stolen data – not all of which can be obtained legally from DCBOE – to a single buyer, but did not share details on the price.

The hacking group recently claimed to have breached Sony’s systems, obtaining source code, access to Sony applications, and confidential documents. Sony told SecurityWeek that it has identified unauthorized activity on a single server located in Japan.

Related: Hackers May Have Access to Information on Millions of British Voters, Election Commission Says

Related: Security Experts Warn of Foreign Cyber Threat to 2024 Voting

Related: Cyber Insights 2023 | Regulations

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Data Breaches

AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.