The District of Columbia Board of Elections (DCBOE) is currently investigating a data leak that involves an unknown number of voter records. The breach claims originated from RansomedVC, a threat actor. DCBOE, an autonomous agency responsible for overseeing elections and voter registration processes, discovered that the attackers accessed the information through the web server of DataNet, the hosting provider for Washington D.C.’s election authority. However, DCBOE’s internal systems and servers were not directly compromised.
To contain the situation and investigate further, DCBOE cooperated with MS-ISAC’s Computer Incident Response Team (CIRT). They temporarily took down their website and replaced it with a maintenance page. The election board collaborated with data security experts, the Federal Bureau of Investigation (FBI), and the Department of Homeland Security (DHS) to conduct a comprehensive security assessment of their internal systems. Vulnerability scans were also initiated across the database, server, and IT networks to identify potential security issues that may have allowed the attackers to access the stolen information.
The threat actor, RansomedVC, claims to have stolen over 600,000 lines of U.S. voter data, which includes records of D.C. voters. They are currently offering the stolen information for sale on the dark web. They provided a single record as proof of the data’s authenticity, containing personal details such as a voter’s name, registration ID, voter ID, partial Social Security number, driver’s license number, date of birth, phone number, and email.
It should be noted that certain voter registration data, such as names, addresses, voting records, and party affiliation, is public information in the District of Columbia, unless specified confidential according to the rules and regulations. However, confidential information such as voters’ contact information and SSNs is not provided by election authorities.
RansomedVC had claimed responsibility for the breach and the subsequent sale of the data on their leak site. However, an anonymous source previously reported that the stolen database was initially put up for sale on hacking forums by a user called pwncoder. Recent claims made by RansomedVC about breaching Sony’s systems were also disputed by another threat actor named MajorNelson.
Please note that BleepingComputer, the source of this information, could not independently verify the authenticity of the data or the claims made by the threat actors.
