Last month, a local California newspaper left more than 19 million voter records exposed online. Gizmodo confirmed this week that the records were compromised during an apparent ransomware attack. The Sacramento Bee said in a statement that a firewall protecting its database was not restored during routine maintenance last month, leaving the 19,501,258 voter files publicly accessible. Additionally, the names, home addresses, email addresses, and phone numbers of 52,873 Sacramento Bee subscribers were compromised. “We take this incident seriously and have begun efforts to notify each of the individuals on the contact list and to provide them resources to help guard against potential misuse of their personal contact information,” the paper said in a statement. “We are also working with the Secretary of State’s office to share with them the details of this intrusion.”
The Kromtech Security Center first discovered the data on January 31st and reviewed records from several of the exposed databases before determining who owned the data. Kromtech reached out immediately to multiple employees in the Bee’s IT department but received no response.
Gizmodo was notified about the breach on February 2nd and reached out to an executive editor at the Bee. Our email was not returned. After emailing two other members of the Bee’s editorial board on Monday—including Gary Wortel, the paper’s president and publisher—Gizmodo was contacted by a public relations director at The McClatchy Company, the Bee’s owner.
A McClatchy spokesperson said the executive editor first contacted by Gizmodo had left the paper day our email was sent.