Over the past few weeks, LookingGlass Cyber Solutions has tracked, in an underground forum, the leak of nearly 40 million U.S. voter records from eight different states. The stolen data contains the personal and sensitive information of current and former voters from the following states:
- Arkansas – 1.7 million
- Colorado – 3.5 million
- Connecticut – 2.6 million
- Delaware – 645,000
- Florida – 13.7 million
- Michigan – 7.4 million
- Ohio – 7.9 million
- Oklahoma – 2.2 million
The stolen information includes:
- Voter ID
- County ID
- Last Name, First Name, Middle Name
- Date of Birth
- Registration Date
- Voter Status
- Party Affiliation
- Residence Address/City
- Mailing Address (if different from residence)
- School District
- Municipal Court District
- State Representative District
- State Senate District
- Congressional District
The threat actor “Logan” advertised this information for sale on RaidForums, and is intimating that he/she may possess as many as 20-25 additional state voter databases. RaidForums focuses on database leaks and any type of 4chan raiding. At this time, it is still unknown whether Logan is behind the hack, or if he/she just leaked the information.
The most interesting part about this leak is that it appears Logan sold the Arkansas and Ohio databases for $2 each, totaling $4 for almost 10 million records. Such a low return on investment for such valuable information indicates the actor did not do this for monetary reasons.
The cyber threat to U.S. voting emerged as a national security concern during the 2016 elections. The U.S. government believes that Russian government-sanctioned actors were involved in the hacking of 39 states’ election systems. However, it’s important to note that there is not enough evidence to tie the Ohio and Arkansas hacking to Russia.
Regardless of whether this leak is connected to Russia, the repercussion for victims is that this information can, and most likely will, be used for additional criminal acts and monetization.
The prevalence of data breaches across all organizations, agencies, and industries underscores the importance of having heightened cybersecurity measures in place. This, along with the fact that the leak does not appear to be for financial purposes, emphasizes the need for an always-on approach to protecting your networks, and employee and customer information.