A hacking group claims to have breached D.C.’s Board of Elections records, accessing 600,000 lines of U.S. voter data, according to the DCBOE.
The board became aware on Thursday, Oct. 6 that a hacking group known as RansomVC had claimed responsibility for a data breach, DCBOE said in a statement released late Friday afternoon. The voter records were accessed through DataNet, a web server used by DCBOE. No internal databases were directly compromised, according to the board.
Multiple federal and local law enforcement agencies are investigating the hack, including the FBI, Homeland Security, and D.C.’s Office of the Chief Technology Officer, according to the agency.
The board shut down its website upon learning of the breach and is conducting vulnerability scans of its networks. A spokesperson did not immediately return DCist/WAMU’s request for updated information on Monday morning; it’s unclear when the website will be back up and running normally.
While some voter information is public record — like names, addresses, and party affiliation — other data is not, including things like contact information, social security numbers, or birth dates.
RansomVC does not appear to have targeted D.C. agencies before. According to a Washington Post report, the group posted the data for sale on its dark web site, with a statement claiming to have accessed 600,000 lines of voter information. The Post also found the data for sale on a dark web hacking forum, with one post including the address and personal information of three apparent D.C. voters.
A spokesperson for DCBOE couldn’t confirm the authenticity of the posts.
The breach follows several other hacks of city agencies over the years. Most recently, DC Health Link, the city’s online exchange that allows customers and businesses to shop for private health insurance, suffered a data breach that impacted more than 50,000 customers. In 2022, a ransomware group claimed responsibility for a data breach at Events DC, the city’s quasi-public conventions and sports agency, and claimed to have published employee information on the dark web. And in 2021, a hacking group called Babuk stole and posted files from the Metropolitan Police Department after first demanding a $4 million ransom payment from the city.
Source: DCist
