District of Columbia Board of Elections Has Apparently Been Pwned…. PII Has Been Swiped

The District of Columbia Board of Elections (DCBOE) is saying that a threat actor may have obtained access to the personal information of all registered voters:

On Friday, October 20, during a daily morning check-in call with DataNet Systems, DCBOE learned that:

  • DataNet Systems’ breached database server did contain a copy of the DCBOE’s voter roll.
  • DataNet Systems confirmed that bad actors MAY have had access to the full voter roll which includes personal identifiable information (PII) including partial social security numbers, driver’s license numbers, dates of birth, and contact information such as phone numbers and email addresses.
  • DataNet Systems could not pinpoint if or when this file may have been accessed or how many, if any, voter records were accessed.

Out of an abundance of caution, DCBOE will reach out to all registered voters. In addition, DCBOE will be engaging with Mandiant, a cybersecurity consulting firm, to assist with next steps.

This remains an ongoing and active investigation.

Ken Westin, Field CISO, Panther Labs had this comment:

There are many troubling aspects to the breach of DataNet Systems’ voter registration data. First is the amount of PII that was harvested from license numbers, SSN, addresses, and contact details. Given this is data of DC residents and the ransomware group responsible are out of Russia, there is a likely chance this information can end up in the hands of Russian intelligence. The fact that DataNet Systems can’t say with any certainty when the data was accessed or for how long is also worrisome and makes me wonder if they were missing key security controls to protect such sensitive data.

I for one would like to see DataNet Systems fully explain this. Maybe the solution is to haul them in front of a Congressional committee and compel them to answer the hard questions? I say that because it seems very odd to me that they can’t provide details as to how this happened.

Leave a Reply

%d bloggers like this: