Hackers Hit California Newspaper Databases Full of Subscriber, Voter Data

The Sacramento Bee has erased its subscriber database and another containing voter registration records following a ransomware attack last month.

by Adam Ashton, The Sacramento Bee / February 8, 2018

(TNS) — Two Sacramento Bee databases on a third-party computer server were seized last month by an anonymous hacker who demanded The Bee pay a ransom in Bitcoin to get the data back.

The intrusion, which was discovered by a Bee employee last week, exposed one database containing California voter registration data from the California Secretary of State and another that had contact information for 53,000 current and former Bee subscribers who activated their digital accounts prior to 2017.

The Bee did not pay the ransom and has deleted the databases to prevent further attacks, Publisher Gary Wortel said.

Wortel said The Bee is notifying affected subscribers that their names, addresses, email addresses and phone numbers were exposed.

He said that neither the subscriber database nor the voter registration database included sensitive financial data such as Social Security numbers, credit card numbers or bank account information.

“We take this incident seriously and are working with the Secretary of State’s office to share with them the details of this intrusion,” Wortel said.

The Bee had obtained the voter registration database from the state for reporting purposes, and it’s not the first time this information has been exposed on the public internet. The state has provided the same database to other organizations, and some of them have also been subject to attack – including a 2017 incident in which a hacker made a similarly worded demand for a Bitcoin ransom.

The Secretary of State’s office said it has informed law enforcement of both incidents.

The voter database includes contact information – addresses and phone numbers – and party affiliations, dates of birth and places of birth for 19.4 million voters. It is public information, but by state law can be used only for governmental, political, academic or journalistic purposes.

Sam Mahood, a spokesman for the office, said hackers have not breached the state’s own voter rolls but rather only data held by private organizations. He said that the data disclosed in the recent incidents will not affect someone’s ability to vote.

“After a reporter with another publication alerted our office that a Sacramento Bee server with voter registration data may have been compromised, the Secretary of State’s office immediately reached out to The Sacramento Bee and McClatchy,” the Secretary of State’s office said in a statement.

“McClatchy confirmed that the Sacramento Bee’s server was breached. The Secretary of State’s office takes any allegation of improper use of voter data very seriously, and continues to work with The Sacramento Bee and McClatchy to gain a full picture of this incident. Our office has also notified law enforcement.

“It is important to emphasize that no confidential information – such as social security numbers, driver’s license numbers, state ID numbers, or voter signatures – is ever provided in response to a request for the state voter file. Those with access to the voter file have a responsibility to take the necessary measures to protect voter data, wherever and however it is used, and to report any compromises to the Secretary of State’s office and law enforcement in a timely manner,” the Secretary of State’s office said.

The Bee learned of the incident on Jan. 29 when a developer noticed that a database would not upload correctly to a server maintained by a third-party hosting service. The developer then discovered a note from a cybercriminal demanding a Bitcoin ransom in exchange for the data.

The information was compromised last month after The Bee’s vendor performed routine maintenance and the firewall did not come back online. With the firewall down, The Bee’s database was exposed to the public internet for about two weeks.

Wortel said The Bee is redoubling its security efforts to protect against future attacks and is providing affected subscribers with information on how to guard against potential misuse of their personal information. He said subscribers with questions or concerns should contact The Bee at 800-284-3233 or customerservice@sacbee.com.

©2018 The Sacramento Bee (Sacramento, Calif.) Distributed by Tribune Content Agency, LLC.