Cyber Incident Victim: US Voter Records Organization
Date: Jul 2017
Location: United States of America
Summary
A dark web vendor known as "Logan" sold over 40 million voter records from nine U.S. states on RaidForums for under $5, with data including names, addresses, voter IDs, statuses, and party affiliations. The actor allegedly traded portions of the stolen information for credit card details and login credentials, while claiming possession of records from 20-25 additional states. The data was reportedly obtained through social engineering and Freedom of Information Act requests, with analysis suggesting the actor operated alone while employed at a cybersecurity firm. The incident coincided with broader government efforts to compile voter registration data, raising concerns among privacy advocates about potential misuse combining personal identifiers with other stolen data.
Description
In July 2017, a dark web vendor using the pseudonym "Logan" advertised the sale of over 40 million US voter records on RaidForums, an underground cybercrime marketplace. The dataset included voter registration details from nine states: Arkansas, Colorado, Connecticut, Delaware, Florida, Michigan, Ohio, Oklahoma, and Washington State. Records contained full names, physical addresses, voter identification numbers, registration statuses, and political party affiliations. A subset of 10 million records from Ohio and Arkansas was sold for $4, while other transactions involved bartering voter data for stolen credit card information and account credentials. Jonathan Tomek, director of threat research at LookingGlass Cyber Solutions, confirmed the actor claimed possession of voter data from an additional 20-25 states. Analysis indicated Logan accumulated records through Freedom of Information Act (FOIA) requests and social engineering tactics rather than technical system breaches. The vendor operated independently without group affiliations according to investigators, who also identified him as an adult employed in the cybersecurity sector with international travel patterns.

The exposure of sensitive voter information—including birthdates, email addresses, and residential locations—created heightened risks when combined with other stolen datasets like financial credentials. LookingGlass warned this combination could enable sophisticated identity fraud or targeted scams. Concurrently, the Trump administration’s Presidential Advisory Commission on Election Integrity had requested voter roll data from all 50 states, with 24 states partially complying by late July 2017. Privacy advocates including the American Civil Liberties Union filed lawsuits against the commission, citing concerns that centralized storage of voter data could facilitate suppression tactics. The dark web sales amplified existing anxieties about voter privacy, though the exact number of purchasers remained unverified. No containment measures or law enforcement actions against the vendor were detailed in available reports during the initial disclosure period.
