IE11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

SacBee Deletes Databases After Ransom Hacking

Two Sacramento Bee databases on a third-party computer server were seized last month by an anonymous hacker who demanded The Bee pay a ransom in bitcoin to get the data back.

Two Sacramento Bee databases on a third-party computer server were seized last month by an anonymous hacker who demanded The Bee pay a ransom in bitcoin to get the data back.

The intrusion, which was discovered by a Bee employee last week, exposed one database containing California voter registration data from the California secretary of state and another that had contact information for 53,000 current and former Bee subscribers who activated their digital accounts before 2017.

The Bee did not pay the ransom and has deleted the databases to prevent further attacks, Publisher Gary Wortel said. Wortel said The Bee is notifying affected subscribers that their names, addresses, email addresses and phone numbers were exposed. He said that neither the subscriber database nor the voter registration database included sensitive financial data such as Social Security numbers, credit card numbers or bank account information.

"We take this incident seriously and are working with the Secretary of State's Office to share with them the details of this intrusion," Wortel said.

The Bee had obtained the voter registration database from the state for reporting purposes, and it's not the first time this information has been exposed on the public Internet. The state has provided the same database to other organizations, and some of them have also been subject to attack — including a 2017 incident in which a hacker made a similarly worded demand for a bitcoin ransom. The Secretary of State's Office said it has informed law enforcement of both incidents.

The voter database includes contact information — addresses and phone numbers — and party affiliations, dates of birth and places of birth for 19.4 million voters. It is public information, but by state law can be used only for governmental, political, academic or journalistic purposes.

Sam Mahood, a spokesman for the office, said hackers have not breached the state's own voter rolls, but rather only data held by private organizations. He said that the data disclosed in the recent incidents will not affect someone's ability to vote.

The Bee learned of the incident on Jan. 29 when a developer noticed that a database would not upload correctly to a server maintained by a third-party hosting service. The developer then discovered a note from a cybercriminal demanding a bitcoin ransom in exchange for the data. The information was compromised last month after The Bee's vendor performed routine maintenance and the firewall did not come back online. With the firewall down, The Bee's database was exposed to the public Internet for about two weeks.

Wortel said The Bee is redoubling its security efforts to protect against future attacks and is providing affected subscribers with information on how to guard against potential misuse of their personal information.

In November, Sacramento Regional Transit system computers were hacked, and the hackers erased data and threatened to do more harm if SacRT didn't pay them one bitcoin, then worth about $8,000.

(c)2018 The Sacramento Bee. Distributed by Tribune Content Agency, LLC.