At least 19 million registered voters in California have had their sensitive personal details hacked, and held at ransom for Bitcoin.
The thieves used ransomware to wipe out all of the voter data after stealing a long list of personal details, including their names, addresses, phone numbers, voter registration ID, emails, languages, genders, dates of birth, party affiliations and more.
The hack was discovered by researchers at Kromtech, a digital security firm in Germany. The cyber crime apparently took place earlier this year, and at this point no one knows if the Bitcoin ransom was ever paid. The size of the ransom demand was a mere 0.2 Bitcoin.
“In early December Kromtech security researchers discovered an unprotected instance of MongoDB database that appear to have contained voter data. The database named ‘cool_db’ contained two collections and was available for anybody with Internet connection to view and/or edit. One was a manually crafted set of voter registration data for a local district and the other appeared to contain the entire state of California with 19,264,123 records, all open for public access.
Kromtech researchers were unable to identify the owner of the database or conduct a detailed analysis due to the fact that the database has been deleted by cyber criminals and there is a ransom note demanding 0.2 bitcoin ($2,325.01 at the time of discovery).”
The wallet address for the Bitcoin ransom demand was also discovered.
The California Secretary of State says they are aware of the reported leak and are launching an investigation.
