California Voter Records Turn into a Hot Commodity? Second Ransomware Attack Reported
Thanks to a local newspaper, over 19 million California voter records were exposed online. The incident took place in January during a ransomware attack. According to The Sacramento Bee - the paper responsible for this latest exposure - the voter registration data was stored in a secure database. However, after routine maintenance by a third-party server provider, the firewall didn't come back online, which left the database publicly available for days.
The paper didn't learn about the incident until a developer noticed an error when trying to upload data and later discovered that someone had accessed the database, deleted its data, and left a ransom note behind. The hacker had threatened the publication with deleting the data if they weren't paid in Bitcoin. However, The Bee chose to delete the database to avoid any future attacks.
The issue came to light thanks to Kromtech Security Center, which first discovered the data on January 31 and reviewed the records before finding out who owned the data that was now public.
19 million California voters and 53,000 Bee subscribers affected
The exposure affects 19,501,258 voter files along with the home addresses, names, and phone numbers of 52,873 current and former Sacramento Bee subscribers. The Bee assures that neither of the two databases contained financial data such as Social Security numbers, credit card numbers or bank account information.
"Two Sacramento Bee databases on a third-party computer server were seized last month by an anonymous hacker who demanded The Bee pay a ransom in Bitcoin to get the data back," the publication reported the attack yesterday. "The intrusion, which was discovered by a Bee employee last week, exposed one database containing California voter registration data from the California Secretary of State and another that had contact information for 53,000 current and former Bee subscribers who activated their digital accounts prior to 2017."
"We take this incident seriously and are working with the Secretary of State’s office to share with them the details of this intrusion."
Not the first time hackers have targeted California voter database
This is the second incident involving a leak of voter records: a MongoDB database containing voter files was leaked in December as well. As for why The Bee had access to these files, the publication said it had "obtained the voter registration database from the state for reporting purposes," adding that the "state has provided the same database to other organizations, and some of them have also been subject to attack - including a 2017 incident in which a hacker made a similarly worded demand for a Bitcoin ransom."
The publication's owner, The McClatchy Company, said that no "personally identifiable information, as defined by the State of California, was involved" in this leak. Gizmodo - first to report this leak - reported that access to voter data is restricted but not banned. Political campaigns, academic researchers and journalists can access this data. However, the data provided by the state doesn't contain information such as Social Security numbers, driver’s license numbers, or state ID numbers. [An earlier piece on leaked voter files contains a list of information that was exposed]
Since the ransom note left behind is similar to the one posted in December by the hacker who first targeted the California voter files, it remains possible that the same actor is targeting voter records in the state. A law enforcement investigation would shed further light on this possibility, or on whether this was an entirely unrelated attack.