The Sacramento Bee deleted two databases hosted by a third party after a ransomware attack exposed the voter records of 19.5 million California voters and contact information for 53,000 current and former subscribers to the newspaper.

The paper refused to pay the hackers' demand for a bitcoin ransom and is notifying subscribers whose information was affected, according to its publisher Gary Wortel, who also serves as west regional publisher at parent company McClatchy.

The Sacramento Bee said in a statement that a firewall protecting its database was not restored during routine maintenance last month, leaving the 19,501,258 voter files publicly accessible for two weeks. Additionally, the names, home addresses, email addresses, and phone numbers of 52,873 Sacramento Bee subscribers who activated their digital accounts prior to 2017 were compromised.

“We take this incident seriously and have begun efforts to notify each of the individuals on the contact list and to provide them resources to help guard against potential misuse of their personal contact information,” the paper said in a statement. “We are also working with the Secretary of State’s office to share with them the details of this intrusion.”

The Bee learned of the incident on Jan. 29 when a developer noticed that a database would not upload correctly to a server maintained by a third-party hosting service. The developer then discovered a note from a cybercriminal demanding a Bitcoin ransom in exchange for the data.

“After a reporter with another publication alerted our office that a Sacramento Bee server with voter registration data may have been compromised, the Secretary of State's office immediately reached out to The Sacramento Bee and McClatchy,” according to a statement from the office of the California Secretary of State. “McClatchy confirmed that the Sacramento Bee's server was breached. The Secretary of State's office takes any allegation of improper use of voter data very seriously, and continues to work with The Sacramento Bee and McClatchy to gain a full picture of this incident. Our office has also notified law enforcement.”

The Bee obtained the voter registration database from the state for reporting purposes, and it’s not the first time this information has been exposed publicly on the web. The state has provided the same database to other organizations, and some of them have also been subject to attack – including a 2017 incident in which a hacker made a similarly worded demand for a Bitcoin ransom.

The voter database includes contact information – addresses and phone numbers – and party affiliations, dates of birth and places of birth for 19.4 million voters. It is public information, but by state law can be used only for governmental, political, academic or journalistic purposes.

“It is important to emphasize that no confidential information – such as social security numbers, driver's license numbers, state ID numbers, or voter signatures – is ever provided in response to a request for the state voter file,” the Secretary of State's statement said. “Those with access to the voter file have a responsibility to take the necessary measures to protect voter data, wherever and however it is used, and to report any compromises to the Secretary of State's office and law enforcement in a timely manner.” 

Below is a sample of a leaked voter record, with personal information redacted. It contains the voter’s name, phone number, address, gender, date of birth, political affiliation, and other election-related details.

Wortel said The Bee is redoubling its security efforts to protect against future attacks. He said subscribers with questions or concerns should contact The Bee at 800-284-3233 or customerservice@sacbee.com.

