D.C. Board of Elections Confirms Voter Data Stolen in Site Hack

Cyber Security Threat Summary:
“The District of Columbia Board of Elections (DCBOE) is currently probing a data leak involving an unknown number of voter records following breach claims from a threat actor known as RansomedVC. DCBOE operates as an autonomous agency within the District of Columbia Government and is entrusted with overseeing elections, managing ballot access, and handling voter registration processes. Its investigation into the claims has revealed that the attackers accessed the information through the web server of DataNet, the hosting provider for Washington D.C.'s election authority. Notably, the breach did not involve a direct compromise of DCBOE's servers and internal systems” (Bleeping Computer, 2023).

Security Officer Comments:
The development comes after a threat group known as RansomedVC claimed to have successfully breached the District of Columbia Board of Elections and accessed more than 600k lines of U.S. voter data. This data was allegedly dumped from an MSSQL database containing information for more than 600,000 D.C. voters, which the threat actors are now advertising for sale on their data leak site. Although the threat actors shared a sample of the stolen data, which includes personal details (name, registration ID, voter ID, partial Social Security number, driver's license number, date of birth, phone number, email, and more) of a Washington D.C. voter, it's difficult to verify the authenticity of their claims. For instance, RansomedVC recently claimed to have breached Sony’s systems and stolen over 260GB of files. However, this claim was shortly disputed by another threat actor who identifies as MajorNelson.

Suggested Correction(s):
With PII potentially accessed, users should be on the lookout for identity theft and for targeted social engineering and phishing attacks. The DCBOE says it has worked with the FBI and Department of Homeland Security to conduct a security assessment of its internal systems. It has also initiated a vulnerability scan across its database, server, and IT networks to identify potential security issues that might have enabled the actors to access the stolen information.