Latest Threat Research: LetMeowIn – Analysis of a Credential Dumper

Get Informed


Florida Voter Data Found on Russian Hacking Forum

Personal identity data claimed to be associated with nearly 15 million Florida voters has been found on a well-known Russian hacking site. As of December 2019, there were only about 13.5 million registered voters in Florida, so it is likely that some information is duplicated or false. While it is unclear who is behind the leak, it seems that the data comes from August 2018. No comment has been made by anyone in the Florida Division of Elections regarding this issue—however, the website of the Florida Division of Elections makes it clear that all of the information that appeared in the database is a public record. The website states, “Once filed, with few exceptions, all voter registration information is public record including your name, address, date of birth, party affiliation, phone number and email address.” There are almost 40 data points being shared and some of those include name, date of birth, phone number, email address, voter ID, voter status, residence address, mailing address, race, gender, registration date, party affiliation, precinct, school board district, House, Senate and Congressional districts. As previously stated, no information on who may be behind the leak has been released but with the election right around the corner, and the information being found on a Russian criminal forum has made some concerned that the data will be used to attempt phishing email distribution or some type of scam.

Analyst Notes

With the election coming soon, voters should be on high alert for scams whether they are over the phone or through phishing emails. Be aware that voter registration information is publicly available and simply because someone references the correct voter registration number or date of birth in a phone call or email, it does not mean that they must be affiliated with the state elections department. Sometimes when a large amount of information like this is compiled, threat actors can use it to attempt scams that can lead to identity theft, by using the information as a pretext to convince voters to give up more sensitive information such as Social Security Numbers (SSNs). Voters should never give their SSN to anyone asking for it over the phone or email. Emails from unknown sender asking for information or that include an attachment should never be clicked on.