After multiple claims that Virginia election candidates’ data had been leaked surfaced in the past few weeks, the Virginia Department of Elections has finally dismissed the allegations, saying the details were scraped from the election department’s official website.
The Virginia Department of Elections is responsible for providing and overseeing open and secure elections for the citizens of the Commonwealth of Virginia. It is responsible for voter registration, absentee voting, ballot access for candidates, campaign finance disclosure and voting equipment certification in coordination with about 133 local election offices.
Virginia Department of Elections Breach Claims
On June 29, a threat actor under the moniker IntelBroker claimed a breach of the Virginia Department of Elections, which resulted in the siphoning of 65,000 election candidate records. The compromised data allegedly included sensitive information such as timestamps, usernames, election data, candidate information, and voting method details.
“This breach was previously being sold on the forum, but as the data is still online, I decided to leak it to prevent new accounts scamming and gatekeeping this database,” the threat actor said.
Prior to this, another threat actor on the same hacker forum under the moniker “pwns3c” claimed a breach of the Virginia Department of Elections, but said only 6,500 records were compromised. The hacker was selling the data set, which contained similar details as those advertised by IntelBroker, for just $30. “pwns3c” has also offered access and sale of a database purported to contain sensitive data and documents from a City of New York data breach.
On Monday, another threat actor known as “LoveBeauty” exposed detailed information about election candidates and results, raising concerns over the integrity of the state’s electoral data and processes.
The data, easily understandable to anyone, consisted of a 16.6MB CSV file with 65,548 lines of detailed election-related information. This dataset includes candidate IDs, names, total votes received, party affiliations, write-in votes, locality codes, precinct details, district information, office titles, and specific election details. Covering local governmental roles and legislative positions from Virginia’s 2023 November General and Special Elections, the data’s scope is extensive.
The allegedly leaked data includes unique identifiers and vote counts for candidates running for the house of delegates, commissioners, senators, directors, and members of the board of supervisors.
An independent media agency that claimed to have investigated the data’s legitimacy by cross-referencing a sample of the leaked information with actual candidates and parties from the 2023 elections, confirmed the data’s authenticity.
Data Likely Scraped: Virginia Department of Elections
However, the Virginia Department of Elections spokesperson told The Cyber Express that this is likely scraped data.
“No breaches or data compromises have been detected.” – Virginia Department of Elections
The Department of Elections (ELECT) is aware of the social media post from a user purporting to expose a data breach of Department of Elections data. The message posted on X, formerly known as Twitter, references data that is already publicly available on the Department of Elections’ website under Election Reports/Results,” the spokesperson said.
Although election authorities dismissed the leak claims this time, the repercussions of such data breaches are potentially significant. Not only could they put the personal information of candidates at risk, but they could also undermine confidence in the electoral process. Public trust, already fragile in many places, could be further eroded by a significant breach.
Election integrity is a cornerstone of democracy, and breach threats underscore the urgent need for enhanced cybersecurity measures to safeguard electoral processes.
The Virginia Department of Elections pledged vigilance around any potential threats to its election infrastructure. It continues to work with local, state and federal partners to ensure the safety and security of the electoral process. State officials are involved in the MS-ISAC pilot project. The Department of Homeland Security and the Virginia Information Technologies Agency continue to provide various cyber services to the department, and any identified issues will be addressed appropriately, the department said.
