The District of Columbia Board of Elections (DCBOE) on Friday confirmed that voter information have been compromised in a data breach at a third-party companies supplier.
An impartial company of the District of Columbia Authorities, the DCBOE is answerable for the administration of poll entry, elections, and voter registration.
“On 10/5, DCBOE turned conscious of a cybersecurity incident involving DC voter information. Whereas the incident stays beneath investigation, DCBOE’s inside databases and servers weren’t compromised,” the company introduced on Friday.
In line with DCBOE’s official assertion, the data breach occurred at DataNet, which offers web site internet hosting companies to the company.
The incident got here to mild after a comparatively new ransomware group named RansomedVC claimed to have breached DCBOE’s methods, exfiltrating greater than 600,000 strains of US voter information.
The stolen info, DataBreaches experiences, contains names, driver’s license numbers, cellphone numbers, beginning dates, addresses, e mail addresses, partial Social Safety numbers, voter IDs, registration dates, political celebration affiliation, and polling place.
A lot of the compromised info, DCBOE notes in its official assertion, is often public, apart from instances the place “it has been made confidential in accordance with District of Columbia guidelines and rules”. By legislation, this info may be simply obtained from DCBOE upon request.
The company additionally says that, after studying of the data breach, it instantly launched an investigation, with help from information security and federal authorities companions, together with MS-ISAC, the FBI, DHS, and OCTO.
DCBOE additionally took down its web site, changing it with a upkeep web page, and performed vulnerability scans on its database, server, and IT networks.
“DCBOE continues to evaluate the complete extent of the breach, determine vulnerabilities, and take applicable measures to safe voter information and methods,” the company notes, promising further info because it turns into obtainable.
RansomedVC says it plans to promote the stolen information – not all of which may be obtained legally from DCBOE – to a single purchaser, however didn’t share particulars on the value.
The hacking group not too long ago claimed to have breached Sony’s methods, acquiring supply code, entry to Sony purposes, and confidential paperwork. Sony informed information.killnetswitch that it has recognized unauthorized exercise on a single server situated in Japan.
