DC elections agency warns voting roll may have been stolen The Register

The US Capital's election agency says a ransomware crew might have stolen its entire voter roll, which includes the personal information of all registered voters in the District of Columbia. The DC Board of Elections first became aware of the intrusion on October 5, when a criminal gang called RansomVC claimed to have broken into a server belonging to DataNet Systems, the agency's website hosting provider, and accessed 600,000 items of US voter data including DC voter records. According to DCBOE, none of its own internal databases or servers were accessed, but important information was on DataNet's servers. In a Friday update posted on its website, the voting agency said the break-in now looks worse than it originally thought. During a daily check-in call with DataNet Systems, DCBOE learned - 15 days after the initial attack - that the compromised server "Did contain a copy of the DCBOE's voter roll." "DataNet Systems confirmed that bad actors may have had access to the full voter roll which includes personal identifiable information including partial social security numbers, driver's license numbers, dates of birth, and contact information such as phone numbers and email addresses," the agency added. It said the service provider couldn't definitely say "If or when" the incident occurred, or "How many, if any, voter records were accessed." The elections agency says it will now contact all registered voters, and it has also hired Mandiant to assist with the incident response. "This remains an active and open investigation," the statement said. "DCBOE will release its full findings when they are available." The agency didn't have any further updates as of Monday morning, DCBOE spokesperson, Sarah Winn Graham, told The Register. DCBOE is also working with law enforcement and federal government agencies including the FBI, the Multi-State Information Sharing and Analysis Center, US Department of Homeland Security, and the Office of the Chief Technology Officer to investigate the breach. Upon learning of the incident in early October, the elections agency took down its website and started scanning its database, server and IT networks for vulnerabilities. While the website remains down, with a message telling visitors it is undergoing maintenance, "Voter registration remains open, active, and secure for District of Columbia residents," according to DCBOE. RansomVC, aka Ransomed. Vc, is a new extortion crew that emerged in September and claimed to have breached Sony and Japanese cell carrier NTT Docomo.

This Cyber News was published on www.theregister.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to DC elections agency warns voting roll may have been stolen The Register

DC elections agency warns voting roll may have been stolen The Register - The US Capital's election agency says a ransomware crew might have stolen its entire voter roll, which includes the personal information of all registered voters in the District of Columbia. The DC Board of Elections first became aware of the ...
11 months ago Theregister.com
Survey: Election Workers Feel Unprepared for Upcoming Cyberthreats - The issues of outside interference in U.S. elections and the security of the systems behind them have been talked and debate for at least a decade and promise to be at the forefront again as the country gears up for what promises to be a pivotal ...
9 months ago Securityboulevard.com
Restrictions on Gemini Chatbot's Election Answers by Google - AI chatbot Gemini has been limited by Google in terms of its ability to respond to queries concerning several forthcoming elections in several countries, including the presidential election in the United States, this year. According to an ...
7 months ago Cysecurity.news
Shared Responsibility: How We Can All Ensure Election Security - In 2024, voters in more than 60 countries-representing 4 billion people-will cast ballots. Some of the elections are far-reaching-such as the upcoming European Parliamentary elections, which will span 27 countries from June 6 to 9. In an era where ...
5 months ago Feedpress.me
Federal Cybersecurity Agency Launches Program to Boost Support for State, Local Election Offices - The nation's cybersecurity agency has launched a program aimed at boosting election security in the states, shoring up support for local offices and hoping to provide reassurance to voters that this year's presidential elections will be safe and ...
9 months ago Securityweek.com
The Intersection of AI and Cybersecurity: Unveiling Threats to Elections - As we witness the growing reliance on AI, particularly in the realm of elections, a new concern emerges-how AI usage can potentially open the door to cybersecurity threats that jeopardize the integrity of democratic processes. 1.) AI-Powered ...
10 months ago Cybersecurity-insiders.com
CVE-2013-0135 - Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) ...
7 years ago
Blue Shield of California members' Social Security numbers, other data stolen - Sensitive data from Blue Shield of California vision policy holders - including Social Security numbers, birth dates and addresses - may be among confidential patient information accessed by criminal hackers, the Oakland-based health insurance giant ...
11 months ago Siliconvalley.com
Security Boulevard - This is likely our last shot at preserving liberal democracy in the U.S., or at least avoiding 20-40 years of abject horribleness by wannabe bigoted and sociopathic demigods. The year 2024 is also set to be a significant year for global politics, ...
10 months ago Securityboulevard.com
Have I Been Pwned adds 71 million emails from Naz.API stolen account list - Have I Been Pwned has added almost 71 million email addresses associated with stolen accounts in the Naz.API dataset to its data breach notification service. The Naz.API dataset is a massive collection of 1 billion credentials compiled using ...
9 months ago Bleepingcomputer.com
CVE-2017-17713 - Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp ...
6 years ago
CVE-2017-17714 - Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, ...
6 years ago
361 million stolen accounts leaked on Telegram added to HIBP - A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches was added to the Have I Been Pwned data breach notification service, allowing anyone to check ...
4 months ago Bleepingcomputer.com
CVE-2023-52780 - In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to page_pool_get_stats Calling page_pool_get_stats in the mvneta driver without checks leads to kernel crashes. First the page pool is only available if the bm ...
5 months ago Tenable.com
CVE-2024-47716 - In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP ...
2 weeks ago Tenable.com
How Cybercriminals Will Sway 2024 US Elections, Or Try To - Foreign interference actors, mostly operating out of Russia, Iran, and China, are ramping up efforts to influence US audiences ahead of 2024's national elections. One prime example is Doppelganger, a Russia-based influence operation that has ...
10 months ago Darkreading.com
Corporate Accountability: Tech Titans Address the Menace of Misleading AI in Elections - In a report issued on Friday, 20 leading technology companies pledged to take proactive steps to prevent deceptive uses of artificial intelligence from interfering with global elections, including Google, Meta, Microsoft, OpenAI, TikTok, X, Amazon ...
8 months ago Cysecurity.news
Hacked Iraqi Voter Information Found for Sale Online - A team of researchers this month uncovered the sale of voter data stolen in an apparent hack against Iraq's Independent High Electoral Commission - yet incident in a pattern of increased malicious activity targeting elections in the Middle East and ...
8 months ago Darkreading.com
Ransomware Attack Leaks Sensitive Info on 200,000 Indianapolis Housing Agency Residents - The Indianapolis Housing Agency is notifying more than 200,000 people that their information, including Social Security numbers and more, was leaked during a ransomware attack that began in September. The federally-funded agency is responsible for ...
1 year ago Therecord.media
Accelerating Safe and Secure AI Adoption with ATO for AI: stackArmor Comments on OMB AI Memo - We appreciate the opportunity to comment on the proposed Memo on Agency Use of Artificial Intelligence. Ensuring agencies have access to adequate IT infrastructure,. We base our remarks on our experience helping US Federal agencies transform their ...
10 months ago Securityboulevard.com
Innovative Legal Move Restores Hospital's Stolen Information - There has been a handover of patient data stolen by the notorious LockBit gang from a cloud computing company to a New York hospital alliance that is partnered with that company. There was a lawsuit filed by the North Star Health Alliance - a group ...
9 months ago Cysecurity.news
ENISA Warns of AI Manipulation Ahead of Upcoming European Elections - The use of AI chatbots and AI-enabled manipulation of information by malicious actors is a key threat ahead of the upcoming 2024 elections across the continent, according to the European Union Agency for Cybersecurity. The 11th edition of ENISA's ...
11 months ago Infosecurity-magazine.com
Election security threats in 2024 range from AI to anthrax The Register - In time for the long Presidents' Day weekend in the US there have been multiple warnings about what will undoubtedly be a challenging and potentially dangerous year for voting processes and government workers. State and county officials have been ...
8 months ago Go.theregister.com
GitHub code-signing certificates stolen - Another day, another access-token-based database breach. This time, the victim is Microsoft's GitHub business. On December 6, 2022, repositories from our atom, desktop, and other deprecated GitHub-owned organizations were cloned by a compromised ...
1 year ago Nakedsecurity.sophos.com
City of Philadelphia discloses data breach after five months - The City of Philadelphia is investigating a data breach after attackers "May have gained access" to City email accounts containing personal and protected health information five months ago, in May. While officials discovered the incident on May 24 ...
11 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)