Personal information of at least 19 million California registered voters — pretty much every voter in the state — ended up in the hands of hackers who apparently held it for ransom payable in Bitcoin earlier this year, researchers at a German digital security firm reported Friday.

It remained unclear Friday whether someone paid the ransom and whether hackers deleted the data, but researchers at the Kromtech Security Center said the Secretary of State of California “was aware of the leak” and that it was “looking into it.”

In a statement to the San Diego Union-Tribune, the office of the Secretary of State said there was “no evidence that any of the Secretary of State’s systems have been hacked or breached.”

We are looking into unconfirmed reports that a third party may have uploaded some California voter information in an unsecure location online. We take any allegation of improper use of voter data very seriously, and have enlisted the support of law enforcement. There is no evidence that any of the Secretary of State’s systems have been hacked or breached or that any confidential information such as social security numbers, driver’s license numbers, state ID numbers, or voter signatures were disclosed. Under state law, limited voter data is made available for restricted use by campaigns, journalists, and academic researchers. It is illegal under state law to share or obtain this data without authorization.

Here’s what we know about this hack:

What voter information was stolen?

Cyber criminals appeared to have accessed the data of 19,264,123 California registered voters. The type of information stolen included each person’s full name, home address, emails, phone number, gender, date of birth and precinct information.

The data did not appear to include social security numbers.

How much were cyber criminals asking for the data?

The data was apparently held at ransom for 0.2 Bitcoin, which was valuated Friday at roughly $3,500.

When was this data stolen?

Kromtech researchers discovered the breach in early December, it said on its blog post, but the data appear to have been taken some time earlier this year.

The exact time frame when the data was taken remains unclear but Kromtech researchers say the “extract date” was May 31, 2017.

How did this happen?

Unlike the typical targeted breach by hackers, this data appear to have been part of the more than 32,000 MongoDB databases left exposed due to a vulnerability in January. Databases containing California voter information may have belonged to a third party, such as a political action committee or a campaign.

Hackers then presented the owners of those databases with a demand for ransom, but it’s unclear if anyone paid it.

Who stole this data?

It remains unclear who exactly is behind this breach, but Kromtech identified a hacker group called Harak1r1 as a potential suspect in a mass breach of MongoDB databases. A second group, own3d, was also identified as another suspect.

Why is this breach significant?

Kromtech says that, at worse, deleting parts of the data could affect California’s voting process. At minimum, the data could end up for sale on the “Dark Web,” it said.

Bob Diachenko, head of communications at Kromtech, explained that the breach underscores the need for states to beef up their cyber security measures to keep voter data safe.

“This is a massive amount of data and a wake up call for millions citizens of California who have done nothing more than fulfil the civic duty to vote,” Diachenko said.

“This discovery highlights how a simple human error of failing to enact the basic security measures can result in a serious risk to stored data. The MongoDB was left publically available and was later discovered by cyber criminals who seemed to steal the data, which origin is still unknown.”

Have some thoughts to share?

Join me in a conversation: Shoot me a private email with your thoughts or ideas on a different approach to this story. As always, you can also send us a tweet.

Email: luis.gomez@sduniontribune.com

Twitter: @RunGomez

Read The Conversation on Flipboard.