DC Board of Elections hit with major hack by  cybercriminals who stole voter data and records

>

  • The data breach was carried out earlier this month by a well-known hacking group
  • Voter information, such as driver’s licenses, is now on the dark web
  • The FBI and Department of Homeland Security are assisting in the investigation
  • Read more: Details 40 million voters were exposed to a cyber attack

Thousands of Americans’ Social Security numbers, driver’s licenses, and other personal information were stolen from a voter registration agency.

The District of Columbia Board of Elections (DCBOE) revealed that its entire voter roll systems were accessed in a data breach this month, allowing hackers to identify specific individuals.

A hacking group known as RansomVC gained access to 600,000 lines of data, including D.C. voter records, and is now selling the data on the dark web.

DCBOE said it is working with federal government partners, such as the Department of Homeland Security and the Federal Bureau of Investigation (FBI), to resolve the issue — and did not reveal how significant the hack was.

Thousands of Americans' Social Security numbers, driver's licenses, and other personal information were stolen from a voter registration agency.  The District of Columbia Board of Elections revealed that its entire voter roll systems were accessed in a data breach this month

Thousands of Americans’ Social Security numbers, driver’s licenses, and other personal information were stolen from a voter registration agency. The District of Columbia Board of Elections revealed that its entire voter roll systems were accessed in a data breach this month

The data breach occurred on October 5, which saw RansomVC access the web server of DataNet, the hosting provider, which DCBOE shared in an October 6 press release.

DCBOE also shared that the stolen data came from voters participating in its drawing process from August 9, 2019 to January 25, 2022.

But the agency claims that fewer than 4,000 voters were affected.

While the majority of the information is public record, such as address and political affiliation, partial Social Security numbers and driver’s licenses have been accessed, enough information for hackers to piece together individual identities.

“Once reviewed internally, DCBOE will share the accurate voter information accessed and will contact affected individuals,” a statement from the board said.

Roger Grimes, data-driven defense advocate at KnowBe4, commented on the potential for breaches of this type to enable further criminal activity.

A hacking group known as RansomVC gained access to 600,000 lines of data, including D.C. voter records, and is now selling the data on the dark web.  The agency closed its website until further notice but noted that D.C. residents are safe to register to vote

A hacking group known as RansomVC gained access to 600,000 lines of data, including D.C. voter records, and is now selling the data on the dark web. The agency closed its website until further notice but noted that D.C. residents are safe to register to vote

“As always, these types of data breach incidents invite malicious actors to be able to create more specific phishing emails where potential victims are contacted by a sender claiming to be a legitimate contact,” Grimes said.

“Including stolen details allows the attacker to appear more legitimate than if he did not have the stolen data.”

“Phishing emails are much more likely to put potential victims at risk than generic phishing emails that contain no private details about the victim.”

DCBOE said it plans to contact all registered voters soon and work with cybersecurity consulting firm Mandiant to take next steps.

The agency has closed its website until further notice but shared that D.C. residents are as well Safe to register to vote.

(Tags for translation)dailymail