Compromised voter data

It’s hard to imagine more sensitive personal data than voter information.  Not only does it have the same potential for identity theft as other types, it can of course impact elections.  Back in March, hackers stole data from Washington D.C.’s health insurance platform – DC Health Link – including information from several Congress members. 

Following up on that, the Washington D.C. Board of Elections (DCBOE) has confirmed that the RansomVC hacking group accessed some DC voter data through the breach of a third-party provider, a web server from DataNet Systems.  According to the hackers, the total number was 600,000, and that is what the Board initially believed as well. 

It was soon discovered, however, that around 4,000 people had their data exposed in a breach, including “information from voters who participated in DCBOE’s canvass process, which is conducted every odd-numbered year to ensure the voter roll is up-to-date.”  Later it was revealed that the breached database included a copy of the full voter roll.  What remains unclear is whether the culprit was able to exfiltrate the full swathe of data like Social Security numbers or driver’s license information.

The DCBOE began an investigation into the incident in conjunction with data security partners and the federal government, including the FBI.  The Board also conducted vulnerability scans on its servers, database and other IT networks, and temporarily shut down its website.  It is still undergoing maintenance.

No elaboration is needed to outline the dangers involved with compromised voter data: from the usual cybercrime activities, to more targeted attacks that can result.  Expanding our scope, even more broadly is the impact such a breach can have on elections.  Discovering a horde of voter data on an online forum, as the DCBOE did in this instance, means that anything from voter fraud to blackmail is on the table.  Government agencies who fail to keep such sensitive data secure have unfortunately failed their constituents, as the residents of DC have discovered.

In order to best serve the interests of their communities, government agencies need to be as proactive and protective as any private company with the safety of people’s data.  To face one critical front in this fight, NetLib Security’s Encryptionizer solution provides robust, transparent encryption of stored data to keep your databases, servers, legacy systems, devices, and distributed applications secure.Functional right out of the box, Encryptionizer requires no additional programming or hit to operational performance.  Keeping data safe has never been more important, and NetLib Security is there to facilitate the task.


By: Jonathan Weicher, post on October 31, 2023
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security