D.C. and federal authorities have launched an investigation into an outside group’s hack of voter records maintained by the D.C. Elections Board (DCBOE).
On Friday, DCBOE announced it had “become aware” that RansomVC, a hacking group, was claiming it had “breached DCBOE’s records and accessed 600,000 lines of US voter data, including DC voter records.” In its initial inquiry into the matter, the board confirmed the authenticity of the breach, acknowledging that records were accessed and the incident occurred through DCBOE’s web server, DataNet.
While the board claimed no “internal DCBOE databases or servers were directly compromised,” DCBOE officials additionally announced they are collaborating with the FBI, Department of Homeland Security, and other federal offices to probe the matter. In the meantime, DCBOE has closed down its website until further notice and conducted “vulnerability scans” on its IT networks, servers, and databases.
According to The Washington Post, RansomVC (or RansomedVC) attempted to sell the aforementioned data on the dark web, as well as on an online hacking forum. Portions of the published data analyzed by the outlet “showed what the group claimed was one D.C. voter’s full name, address, contact information and driver’s license number, and part of their Social Security number.”
As noted in DCBOE’s Friday announcement, voter data — including voter names, party affiliation, and addresses — is information already available to the public. But other data, such as social security numbers, birth dates, and contact information, is not.
“DCBOE continues to assess the full extent of the breach, identify vulnerabilities, and take appropriate measures to secure voter data and systems,” the board said in its Friday statement.
DCBOE is hardly the only government-affiliated department in Washington to become a victim of hacking. In recent years, agencies and sites such as D.C. Health Link, Events D.C., and the Metropolitan Police Department have all had apparent information hacks by nefarious groups.