Committee on House Administration Chair Bryan Steil, R-Wis., (seen here) and Subcommittee on Elections Chair Laurel Lee, R-Fla., claim "malicious actors" broke into an encrypted database on Oct. 5 and accessed the voter registration roll, resulting in the illegal sale of sensitive personal data. File Photo by Ken Cedeno/UPI |
License Photo
Jan. 5 (UPI) -- Republican lawmakers sent a letter to the D.C. Board of Elections this week raising concerns about an October hacking incident that exposed the private information of voters in the nation's capital.
In the letter, Committee on House Administration Chair Bryan Steil, R-Wis., and Subcommittee on Elections Chair Laurel Lee, R-Fla., claim "malicious actors" broke into an encrypted database on Oct. 5 and accessed the voter registration roll, resulting in the potential illegal sale of sensitive personal data.
The letter said the Board of Elections took two weeks to fully respond to the breach, and then waited another two-and-a-half months to notify voters in the district whose information was exposed.
In a joint statement, Steil and Lee said they were concerned that the culprits would remove the information of legitimate D.C. voters and replace it with phony data -- a jarring supposition as the first ballot of the 2024 primary season was only days away.
"This includes improper removal of voters from the rolls, improper additions of ineligible individuals or false names to the rolls, or improper or false markings about a voter's ballot return status, which might allow bad actors to prevent certain voters from casting ballots, allow other voters to cast multiple ballots, or permit ineligible people or false names to cast ballots," the lawmakers wrote.
The pair sought additional details about the Election Board's information technology infrastructure, security policies and procedures, as well as deeper insights into the internal investigation following the digital break-in.
Among the list of questions, Steil and Lee asked if the Board of Elections or D.C. Attorney General Brian Schwalb had investigated whether data exposed in the breach was sold on the dark web.
DataNet Systems -- an IT services firm in Washington -- identified individuals affected by the breach on Nov. 20 but waited until Dec. 22 to alert registered voters, according to a press release from the company.
As a result of the breach, the company acknowledged that an alarming scope of information had been exposed, including names, physical addresses, email addresses, birthdates, phone numbers and voter registration numbers, partial Social Security numbers, and driver's license numbers.
Hackers gained access to the database through a software program that is employed to advise voters on election-related updates and procedures.
The company "immediately took steps to secure the network and minimize the impact of the incident," DataNet Systems said, adding that it "also engaged a leading independent cybersecurity firm to investigate what happened and determine whether any sensitive information may have been impacted."
The Board has since posted several updates about the breach to its website, and provided voters with steps to safeguard their personal information, including details about credit reporting and monitoring.