<div dir="ltr"><a href="https://gizmodo.com/sacramento-bee-leaked-19-5-million-california-voter-rec-1822835127">https://gizmodo.com/sacramento-bee-leaked-19-5-million-california-voter-rec-1822835127</a><div><br></div><div>Last month, a local California newspaper left more than 19 million
voter records exposed online. Gizmodo confirmed this week that the
records were compromised during an apparent ransomware attack.<br></div><div><p>The <em>Sacramento Bee</em>
said in a statement that a firewall protecting its database was not
restored during routine maintenance last month, leaving the 19,501,258
voter files publicly accessible. Additionally, the names, home
addresses, email addresses, and phone numbers of 52,873 Sacramento Bee
subscribers were compromised.<br></p><div class="gmail-js_ad-dynamic"></div><div class="gmail-instream-native-video gmail-instream-native-video--mobile gmail-instream-permalink"></div><p>“We
take this incident seriously and have begun efforts to notify each of
the individuals on the contact list and to provide them resources to
help guard against potential misuse of their personal contact
information,” the paper said in a statement. “We are also working with
the Secretary of State’s office to share with them the details of this
intrusion.”</p><p>The Kromtech Security Center first <a href="https://mackeepersecurity.com/post/california-voter-database-leaked-again-with-more-data-at-risk" target="_blank" rel="noopener">discovered the data on January 31st</a>
and reviewed records from several of the exposed databases before
determining who owned the data. Kromtech reached out immediately to
multiple employees in the <em>Bee</em>’s IT department but received no response.</p><p>Gizmodo was notified about the breach on February 2nd and reached out to an executive editor at the <em>Bee</em>. Our email was not returned. After emailing two other members of the <em>Bee</em>’s
editorial board on Monday—including Gary Wortel, the paper’s president
and publisher—Gizmodo was contacted by a public relations director at
The McClatchy Company, the <em>Bee</em>’s owner. </p><div class="gmail-js_ad-mobile-dynamic gmail-js_ad-dynamic gmail-ad-mobile-dynamic"></div><p>A McClatchy spokesperson said the executive editor first contacted by Gizmodo had left the paper day our email was sent. <br></p><p>McClatchy
provided an initial statement on Tuesday, saying it had “strict
protocols in place to ensure the security of our data” and that it was
“aware of a ransomware attack on one of our servers that was located
outside our core IT structure.” The spokesperson added: “We know that in
databases apparently targeted, no personally identifiable information,
as defined by the State of California, was involved.”</p><p>Below is a
sample of a leaked voter record, with personal information redacted. It
contains the voter’s name, phone number, address, gender, date of birth,
political affiliation, among other election-related details.</p><p>The subscriber database includes only residents who subscribed to the paper prior to 2017, the paper said. </p><p>Another
database labeled “users” contained approximately 55,000 records.
Samples provided by Kromtech revealed names, email addresses, and IP
addresses.</p><div class="gmail-js_ad-mobile-dynamic gmail-js_ad-dynamic gmail-ad-mobile-dynamic"></div><p>The <em>Bee</em> said it did not pay the ransom and instead deleted the databases to prevent further intrusions. </p><p>On
Tuesday afternoon, McClatchy requested additional time to investigate
the intrusion. Gizmodo agreed and asked for additional details about the
type of ransomware involved. The hope was to determine whether the
ransomware used in the attack was the same variety involved in a <a href="https://gizmodo.com/stolen-california-voter-database-held-for-bitcoin-ranso-1821325023#_ga=2.139854515.1266398847.1518104649-1285737031.1493667211" rel="nofollow">separate recent incident</a>, which compromised 19.2 million California voter records in December.</p><p>The
question is whether the same actor is targeting California voter
records specifically. It is also possible the incidents are unrelated. </p><div class="gmail-js_ad-mobile-dynamic gmail-js_ad-dynamic gmail-ad-mobile-dynamic"></div><p>However, the <em>Bee </em>did
not provide Gizmodo with additional information about the ransomware.
Instead, on Wednesday night, without notice, the paper ran its own story
about the breach. “I hope you understand that our executive team felt
strongly that the <em>Bee</em> should inform its readership, some of
whom may be affected by this intrusion, as soon as we felt we understood
the boundaries of the incident,” the McClatchy spokesperson said after
the publication of the <em>Bee</em>’s story.</p><p>“California law
provides prohibitions and criminal penalties for the misuse or improper
acquisition of voter registration information,” a spokesperson at the
California Secretary of State’s office told Gizmodo on Tuesday.</p><p>Under
state law, access to voter data is restricted; however, journalists,
political campaigns, and academic researchers can acquire the data for
certain purposes. The data provided does not include Social Security
numbers, driver’s license numbers, or state ID numbers. Sharing the data
or obtaining it without authorization is illegal.</p><p>California’s <a href="https://govt.westlaw.com/calregs/Browse/Home/California/CaliforniaCodeofRegulations?guid=ID110BE30D49311DEBC02831C6D6C108E&originationContext=documenttoc&transitionType=Default&contextData=(sc.Default)" target="_blank" rel="noopener">administrative</a> and <a href="https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?sectionNum=18109.&lawCode=ELEC" target="_blank" rel="noopener">election</a>
codes appear written primarily to penalize individuals who acquire
voter data without permission or use it in unauthorized ways, such as
for commercial gain. It’s unclear if those rules and the corresponding
penalties apply to those who negligently handle voter data or allow
unauthorized persons to access it unintentionally.</p><p>In a statement published by the <em>Bee</em>, the Secretary of State’s office said: “McClatchy confirmed that the <em>Sacramento Bee</em>’s
server was breached. The Secretary of State’s office takes any
allegation of improper use of voter data very seriously, and continues
to work with the <em>Sacramento Bee</em> and McClatchy to gain a full picture of this incident. Our office has also notified law enforcement.”<br></p><p>With regard to the voter data, the <em>Bee</em>
wrote: “It’s not the first time this information has been exposed on
the public internet.” By Gizmodo’s count, however, the previous leak in
December contained 237,135 fewer voter records.</p><br></div></div>