Update on the District of Columbia voter data compromise.
By Tim Nodar, CyberWire senior staff writer
Oct 24, 2023

A third-party breach affects voter information in the District of Columbia.

Washington, DC’s Board of Elections (DCBOE) has released an update on a data breach that affected voter information, the Register reports. DCBOE stated, “On October 5, 2023, the District of Columbia Board of Elections (DCBOE) became aware that a hacking group known as RansomVC claimed to have breached DCBOE’s records and accessed 600,000 lines of US voter data, including DC voter records. DCBOE has found that voter records were accessed through a breach of the web server of DataNet Systems, DCBOE’s website hosting provider. No internal DCBOE databases or servers were directly compromised. DCBOE continues to assess the full extent of the breach, identify vulnerabilities, and take appropriate measures to secure voter data and systems.”

Specifics about the data breach.

The update adds:

  • “DataNet Systems’ breached database server did contain a copy of the DCBOE’s voter roll.
  • “DataNet Systems confirmed that bad actors MAY have had access to the full voter roll which includes personal identifiable information (PII) including partial social security numbers, driver’s license numbers, dates of birth, and contact information such as phone numbers and email addresses.
  • “DataNet Systems could not pinpoint if or when this file may have been accessed or how many, if any, voter records were accessed.”

Data compromise could facilitate social engineering.

Roger Grimes, data-driven defense evangelist at KnowBe4, commented on the potential for breaches of this kind to enable further criminal activity. “As always, these sorts of data breach incidents invite malicious actors to be able to create more specific spear phishing emails where potential victims are contacted by a sender who purports to be a legitimate contact. The inclusion of stolen details allows the attacker to appear more legitimate than if they did not have the stolen data. And spear phishing emails are far more likely to compromise potential victims than a general phishing email with no private details about the victim.” Thus the information can be used to lend more plausibility to subsequent social engineering against any number of other targets. “This continues a trend of ransomware gangs profiting by exfiltrating private data and then asking for a ransom not to disclose it publicly or resell it to other hackers. Ransomware gangs used to all be about encrypting data and asking for a ransom. Now at least 25% of ransomware gangs don't encrypt at all. Their entire money making scheme has to do with stealing data and asking for a ransom not to reveal or resell. It's quicker, far easier, and less problematic than encrypting data and having to provide decryption keys to unlock the data.”