Virginia Election Candidates Data Leaked

A major data breach has exposed sensitive information about Virginia's last election candidates on the dark web.

By Marco Rizal - Editor, Journalist 4 Min Read
Share this post?
Share this post?

A major data breach has exposed sensitive information about Virginia's last election candidates on the dark web.

A leaked dataset from Virginia's election administration agency has been posted on a notorious dark web crime forum. The threat actor responsible for this breach goes by the username LoveBeauty.

The leaked data, which can be understood without difficulty, contains extremely sensitive information regarding election candidates and results, causing significant worries about the integrity of the state's electoral process.

On July 14, 2024, the compromised data was discovered on the hacking forum. The dataset is a CSV file that is around 16.6MB in size and consists of 65,548 lines of detailed election-related data.

This information covers a wide range of details, including candidate IDs, names, total votes received, party affiliations, write-in votes, locality codes, precinct details, district information, office titles, and election specifics.

Data from this leak covers a wide range of local governmental roles and legislative positions from the “2023 November General and Special Elections” that took place in Virginia.

election data breach
Dataset of the November 7, 2023 elections candidates (Censored for privacy)

This leak contains a wide range of information, including data for candidates running in various positions such as house of delegates, commissioners, senates, directors, and members of the board of supervisors.

The dataset contains confidential data on multiple candidates who took part in the November 7, 2023 elections. This breach has the potential to compromise the candidates, their political parties, and the voters.

The exposed data includes unique identifiers and vote counts, which have the potential to undermine public trust in the electoral process.

The leaked data comes from Virginia's election administration agency, which is in charge of overseeing the state's elections and maintaining its voter registration system.

The timing of the breach is still being investigated, although the data was posted on July 14, 2024.

This breach exposes the weaknesses in our election system by design. The fact that sensitive data was released so broadly points to serious flaws in the Virginia election administration agency's security systems. Not to mention, this disclosed dataset contains important data of public officials that can be exploited by malicious actors.” One cybersecurity researcher pointed.

We cross-referenced a sample of the leaked data with the actual candidates and parties from the 2023 elections as part of our investigation. The match confirmed the data's legitimacy, thus “partially” confirming the extent of this breach on our end.

However, the organization has recently denied the data breach, which has raised questions about the origin of the 65k lines of candidates' data.

Update:

A representative from the Department of Elections has released a statement claiming that the said data breach is public knowledge.

The Department of Elections (ELECT) is aware of the social media post from a user purporting to expose a data breach of Department of Elections data. The message posted on X, formerly known as Twitter, references data that is already publicly available on the Department of Elections’ website under Election Reports/ Results.  No breaches or data compromises have been detected.

It appears that the alleged breach involves scraping public data and is being falsely labeled as a data breach.

Leave a comment