Illinois election officials say hack yielded information on 200,000 voters
August 29, 2016
CHICAGO — Illinois State Board of Elections officials said Monday they believe personal information from fewer than 200,000 voters was hacked through a cyberattack of possible foreign origin that began in June and was halted a month later.
Ken Menzel, general counsel for the elections board, said no files of registered voters were erased or modified and that no voting history information or voter signature images were captured.
But he said it’s possible that some voter personal information, including driver’s license numbers and the last four digits of Social Security numbers, could have been accessed of voters who entered that information when they registered to vote online.
Advertisement
Voters who have been registered for a long time or those who registered to vote through a registrar do not have that personal information in the state voter files, he said.
“It looks to be fewer than 200,000” names, Menzel said of the hack. “We say that the system was compromised in this context, that it’s been accessed. We’re very confident nothing was added, deleted or altered.”
The elections board, however, warned that “due to the ambiguous nature of the attack, we may never know the exact number of affected voters.”
After the Illinois cyberattack and another attempt in Arizona, the FBI issued a “flash alert” this month to warn of malicious attempts to obtain access to states’ election voter registration information. The actions by the FBI and related activity by the Department of Homeland Security were first reported by Yahoo News.
In Illinois, elections officials said the cyberattack began June 23. Board staff became aware of a security breach on July 12 and programmers used code changes to stop the malicious outside database queries.
The board also took offline outside access to its website, including its online voter registration application process, to prevent further intrusions. Notifications were made to the Illinois attorney general’s office and the General Assembly under the state’s Personal Information Protection Act, Menzel said.
The online voter registration portal was restored late last month and the board has added further encryption and taken other steps to enhance security, officials said.
Advertisement*
“We’ve been working with the people in the governor’s technology group [the Illinois Department of Innovation and Technology] and they’ve been wonderfully helpful,” he said. “There are also some interstate groups that have banded together for security issues, as well as the FBI and Homeland Security.”
Menzel said there is a “reasonable suspicion” that the cyberattack was foreign. “We know foreign servers were used, but it’s not conclusive that foreign actors were involved,” Menzel said.
He said the FBI has “their reasons for suspecting foreign involvement, other than just some foreign servers were used.”
The stepped-up activity to protect states’ voter election databases comes as the FBI investigates a hack of the Democratic National Committee that resulted in the unauthorized release of tens of thousands of emails. Security and intelligence experts have said they believe the DNC was hacked by interests linked to Russia.
___
(c)2016 Chicago Tribune
Visit the Chicago Tribune at www.chicagotribune.com
Distributed by Tribune Content Agency, LLC.
Advertisement