Hackers have breached databases for election systems in Illinois and Arizona, according to state election and law enforcement officials.
In Illinois, hackers accessed a database for the Illinois Board of Elections, compromising up to 200,000 personal voter records according to Ken Menzel, General Counsel for the board.
The FBI is investigating the hack, which initially occurred in late June and was discovered in July. It was first reported by Yahoo. Officials with the Board of Elections are “highly confident they (the hackers) weren’t able to change anything, although the investigation is still going on” according to Menzel.
The Illinois database included voters’ names, addresses, sex and birthdays in addition to other information. Some of the records include either last four digits of a voter’s social security number or drivers’ license numbers. The database is comprised of records for 15 million individuals and is 10 years old. Not all outdated information has been purged, according to Menzel, so some of those records likely include information for deceased voters or those who have subsequently moved.
According to Matthew Roberts, Director of Communications for the Arizona Secretary of State, in late May, Arizona officials took the statewide voting registration system offline after the FBI alerted the Arizona Department of Administration that there was a credible cyber threat to the voter registration system.
When they took the system offline to review any vulnerabilities, they discovered that a county election official’s username and password had been posted online publicly. It’s believed that a worker may have inadvertently downloaded a virus which exposed the username and password. In this instance, the username and password information posted would only give individuals access to a localized, county version of the voting registration system, and not the entire state-wide system.
Roberts says there is no evidence that any data within the system was compromised and there was no evidence of malware present in the database.
The breaches are causing concern among election officials because of the voter personal information that could have been stolen, not because of any fear that an election could be stolen, law enforcement officials say.
Gee… who could make use of this?