Election officials in the US capital say a ransomware gang may have stolen their full voter list, which contains the personal data of all District of Columbia registered voters.
The DC Board of Elections (DCBOE) initially learned about the attack on October 5, when a criminal organization going by the name of RansomVC claimed to have gained access to 600,000 pieces of US voter data, including DC voter records, on a server belonging to DataNet Systems, the company that hosts the agency’s website.
Although DCBOE claims that none of its own internal databases or servers were accessed, DataNet’s servers contained crucial information.
The voting agency stated in a Friday update posted on its website that the break-in now seemed worse than it had initially assumed. Fifteen days after the original attack, the DCBOE discovered during a daily check-in conversation with DataNet Systems that the compromised server “did contain a copy of the DCBOE’s voter roll.”
“DataNet Systems confirmed that bad actors may have had access to the full voter roll which includes personal identifiable information (PII) including partial social security numbers, driver’s license numbers, dates of birth, and contact information such as phone numbers and email addresses,” the organization stated.
The document stated that the service provider was unable to say with certainty “if or when” the incident occurred or “how many, if any, voter records were accessed.” All registered voters will now be contacted, according to the elections agency, which has also hired Mandiant to help with incident response.
The statement said that the inquiry “remains active and ongoing,” adding, “DCBOE will release its full findings when they are available.” As of Monday morning, the organization had no new information to share, according to DCBOE spokesman Sarah Winn Graham.
To further its investigation of the breach, DCBOE is collaborating with federal law enforcement and government organizations like the FBI, the Multi-State Information Sharing and Analysis Center, the US Department of Homeland Security, and the Office of the Chief Technology Officer.
The elections agency shut down its website and began checking its database, server, and IT networks for vulnerabilities as soon as it became aware of the incident in early October.
“Voter registration remains open, active, and secure for District of Columbia residents,” according to DCBOE, even though the website is still unavailable and has a message informing users that it is undergoing maintenance.
In September, a new extortion group called RansomVC, also known as Ransomed.vc, claimed to have broken into Sony and the Japanese cell carrier NTT Docomo.