DC elections agency warns entire voting roll may have been stolen

The US Capital's election agency says a ransomware crew might have stolen its entire voter roll, which includes the personal information of all registered voters in the District of Columbia.

The DC Board of Elections (DCBOE) first became aware of the intrusion on October 5, when a criminal gang called RansomVC claimed to have broken into a server belonging to DataNet Systems, the agency's website hosting provider, and accessed 600,000 items of US voter data including DC voter records.

According to DCBOE, none of its own internal databases or servers were accessed, but important information was on DataNet's servers.

In a Friday update posted on its website, the voting agency said the break-in now looks worse than it originally thought. During a daily check-in call with DataNet Systems, DCBOE learned - 15 days after the initial attack - that the compromised server "did contain a copy of the DCBOE's voter roll."

"DataNet Systems confirmed that bad actors may have had access to the full voter roll which includes personal identifiable information (PII) including partial social security numbers, driver's license numbers, dates of birth, and contact information such as phone numbers and email addresses," the agency added.

It said the service provider couldn't definitely say "if or when" the incident occurred, or "how many, if any, voter records were accessed." The elections agency says it will now contact all registered voters, and it has also hired Mandiant to assist with the incident response.

• Now MOVEit maker Progress patches holes in WS_FTP
• Casio keyed up after data loss hits customers in 149 countries
• Europol knocks RagnarLocker offline in second major ransomware bust this year
• Cybercrim claims fresh 23andMe batch takes leaked records to 5 million

"This remains an active and open investigation," the statement said. "DCBOE will release its full findings when they are available." The agency didn't have any further updates as of Monday morning, DCBOE spokesperson, Sarah Winn Graham, told The Register.

DCBOE is also working with law enforcement and federal government agencies including the FBI, the Multi-State Information Sharing and Analysis Center, US Department of Homeland Security, and the Office of the Chief Technology Officer to investigate the breach.

Upon learning of the incident in early October, the elections agency took down its website and started scanning its database, server and IT networks for vulnerabilities.

While the website remains down, with a message telling visitors it is undergoing maintenance, "voter registration remains open, active, and secure for District of Columbia residents," according to DCBOE.

RansomVC, aka Ransomed.vc, is a new extortion crew that emerged in September and claimed to have breached Sony and Japanese cell carrier NTT Docomo. ®