A breach of Washington, D.C. voter data may have been broader than initially understood and may have included the entire voter roll, the District of Columbia Board of Elections said in a statement Friday.
The board first learned of the breach after voter data was offered for a sale in an online forum earlier this month. Initially, the board believed the affected data amounted to 600,000 lines, but in a call with its hosting provider on Friday learned that the breached database included a copy of the full voter roll.
It is unclear whether the attacker was able to exfiltrate the full voter roll containing data such as voters’ social security numbers, driver’s license numbers, phone numbers and more. According to the board, DataNet reported that it “could not pinpoint if or when this file may have been accessed or how many, if any, voter records were accessed.”
On Oct. 6, the board confirmed that a hacking group breached the district’s election authority after a user of an online forum where data is bought and sold claimed that they had access to the voter registration information and offered to sell the data.
The board said Friday it has hired the cybersecurity firm Mandiant to investigate the incident, pledged to release the results of its investigation of the breach and said it would reach out to all registered voters. “This remains an ongoing and active investigation,” the board said Friday.
The board’s understanding and public accounting of the breach has shifted since it was first discovered earlier this month. After first saying the potentially affected data amounted to 600,000 lines, the board then said it was limited to less than 4,000 voter records. More than two weeks after the breach was first discovered, the board is now warning that the city’s entire voting population may be affected by the breach.
In the aftermath of the breach, the agency took its website offline. Two weeks later, it is described as “under maintenance.”
Washington voters are encouraged to follow the board’s social media for updates; updates on the investigation are also available on the site’s data breach page.