Security

Cyber-crime

DC elections agency warns entire voting roll may have been stolen

Home of the Republic seemingly hit by Sony/NTT Docomo ransomware crew


The US Capital's election agency says a ransomware crew may have stolen its entire voter roll, which includes the personal information of all registered voters in the District of Columbia.

The DC Board of Elections (DCBOE) first became aware of the intrusion on October 5, when a criminal gang called RansomVC claimed to have broken into a server belonging to DataNet Systems, the agency's website hosting provider, and accessed 600,000 items of US voter data including DC voter records.

According to DCBOE, none of its own internal databases or servers were accessed, but important information was on DataNet's servers.

In a Friday update posted on its website, the voting agency said the break-in now looks worse than it originally thought. During a daily check-in call with DataNet Systems, DCBOE learned - 15 days after the initial attack - that the compromised server "did contain a copy of the DCBOE's voter roll."

"DataNet Systems confirmed that bad actors may have had access to the full voter roll which includes personal identifiable information (PII) including partial social security numbers, driver's license numbers, dates of birth, and contact information such as phone numbers and email addresses," the agency added.

It said the service provider couldn't definitely say "if or when" the incident occurred, or "how many, if any, voter records were accessed." The elections agency says it will now contact all registered voters, and it has also hired Mandiant to assist with the incident response.

"This remains an active and open investigation," the statement said. "DCBOE will release its full findings when they are available." The agency didn't have any further updates as of Monday morning, DCBOE spokesperson, Sarah Winn Graham, told The Register.

DCBOE is also working with law enforcement and federal government agencies including the FBI, the Multi-State Information Sharing and Analysis Center, US Department of Homeland Security, and the Office of the Chief Technology Officer to investigate the breach.

Upon learning of the incident in early October, the elections agency took down its website and started scanning its database, server and IT networks for vulnerabilities.

While the website remains down, with a message telling visitors it is undergoing maintenance, "voter registration remains open, active, and secure for District of Columbia residents," according to DCBOE.

RansomVC, aka Ransomed.vc, is a new extortion crew that emerged in September and claimed to have breached Sony and Japanese cell carrier NTT Docomo. ®

Send us news
13 Comments

Meet VexTrio, a network of 70K hijacked websites crooks use to sling malware, fraud

Some useful indicators of compromise right here

Feds dismantle Russian GRU botnet built on 1,000-plus home, small biz routers

Beijing, now Moscow.… Who else is hiding in broadband gateways?

Ivanti devices hit by wave of exploits for latest security hole

At this point you might be better off just shutting the stuff down

China's Volt Typhoon spies broke into emergency network of 'large' US city

Jeez, not now, Xi. Can't you see we've got an election and Ukraine and Gaza and cost of living and layoffs and ...

ALPHV blackmails Canadian pipeline after 'stealing 190GB of vital info'

Gang still going after critical infrastructure because it's, you know, critical

The spyware business is booming despite government crackdowns

'Almost zero data being shared across the industry on this particular threat,' we're told

Uncle Sam sweetens the pot with $15M bounty on Hive ransomware gang members

Honor among thieves about to be put to the test

AnyDesk revokes signing certs, portal passwords after crooks sneak into systems

Horse, meet stable door

Congress told how Chinese goons plan to incite 'societal chaos' in the US

American public is way ahead of them

FBI confirms it issued remote kill command to blow out Volt Typhoon's botnet

Disinfects Cisco and Netgear routers to thwart Chinese critters

US shorts China's Volt Typhoon crew targeting America's criticals

Invaders inveigle infrastructure

Crims found and exploited these two Microsoft bugs before Redmond fixed 'em

SAP, Adobe, Intel, AMD also issue fixes as well as Google for Android