The US Sacramento Bee newspaper deleted two databases hosted by a third party after a ransomware attack exposed the voter records of 19.5 million California voters and 53,000 current and former subscribers to the newspaper.
The paper refused to pay the hackers' demand for a bitcoin ransom and is notifying subscribers whose information – including names, dates of births, phone numbers, and political affiliations – was affected, according to its publisher Gary Wortel, who also serves as west regional publisher at parent company McClatchy.
“We take this incident seriously and are working with the Secretary of State's office to share with them the details of this intrusion,” he said in the Bee.
“After a reporter with another publication alerted our office that a Sacramento Bee server with voter registration data may have been compromised, the Secretary of State's office immediately reached out to The Sacramento Bee and McClatchy,” according to a statement from the office of the California Secretary of State. “McClatchy confirmed that the Sacramento Bee's server was breached. The Secretary of State's office takes any allegation of improper use of voter data very seriously, and continues to work with The Sacramento Bee and McClatchy to gain a full picture of this incident. Our office has also notified law enforcement.”
A developer, attempting unsuccessfully to upload to a server at the hosting company, ran across a ransom demand on 29 January. The paper said the compromise occurred when the site was undergoing routine maintenance and the firewall failed to come back online, exposing the database for around two weeks.
“It is important to emphasise that no confidential information – such as social security numbers, driver's license numbers, state ID numbers, or voter signatures – is ever provided in response to a request for the state voter file,” the Secretary of State's statement said. “Those with access to the voter file have a responsibility to take the necessary measures to protect voter data, wherever and however it is used, and to report any compromises to the Secretary of State's office and law enforcement in a timely manner.”