The District of Columbia Board of Elections (DCBOE) on Friday confirmed that voter records were compromised in a data breach at a third-party services provider.
An independent agency of the District of Columbia Government, the DCBOE is responsible for the administration of ballot access, elections, and voter registration.
“On 10/5, DCBOE became aware of a cybersecurity incident involving DC voter records. While the incident remains under investigation, DCBOE’s internal databases and servers were not compromised,” the agency announced on Friday.
According to DCBOE’s official statement, the data breach occurred at DataNet, which provides website hosting services to the agency.
The incident came to light after a relatively new ransomware group named RansomedVC claimed to have breached DCBOE’s systems, exfiltrating more than 600,000 lines of US voter records.
The stolen information, DataBreaches reports, includes names, driver’s license numbers, phone numbers, birth dates, addresses, email addresses, partial Social Security numbers, voter IDs, registration dates, political party affiliation, and polling place.
Most of the compromised information, DCBOE notes in its official statement, is typically public, except for cases where “it has been made confidential in accordance with District of Columbia rules and regulations”. By law, this information can be easily obtained from DCBOE upon request.
The agency also says that, after learning of the data breach, it immediately launched an investigation, with assistance from data security and federal government partners, including MS-ISAC, the FBI, DHS, and OCTO.
DCBOE also took down its website, replacing it with a maintenance page, and conducted vulnerability scans on its database, server, and IT networks.
“DCBOE continues to assess the full extent of the breach, identify vulnerabilities, and take appropriate measures to secure voter data and systems,” the agency notes, promising additional information as it becomes available.
RansomedVC says it plans to sell the stolen data – not all of which can be obtained legally from DCBOE – to a single buyer, but did not share details on the price.
The hacking group recently claimed to have breached Sony’s systems, obtaining source code, access to Sony applications, and confidential documents. Sony told SecurityWeek that it has identified unauthorized activity on a single server located in Japan.
Related: Cyber Insights 2023 | Regulations