Jena Griswold, the Democrat secretary of state for Colorado, revealed that voting equipment passwords were posted online for four months before they were noticed and taken down.
Colorado Secretary of State Jena Griswold revealed voting equipment passwords were posted online for four months before being noticed and taken down in a concerning security breach ahead of the election.
Griswold, a Democrat, said the passwords were posted on June 21 and were taken down on Oct. 24.
A former staff member created a spreadsheet that contained the passwords in a hidden tab. The spreadsheet was then posted on the Colorado Department of State’s subpage for voting system equipment, Griswold’s office said.
Griswold’s office said the employee left “amicably” before the breach was made public. However, Griswold refused to share specific details about the employee’s departure.
COLORADO SECRETARY OF STATE SITE ‘IMPROPERLY’ DISPLAYED PARTIAL PASSWORDS FOR VOTING SYSTEMS
Griswold’s office determined that 34 of Colorado’s 64 counties were affected by the password breach.
While the breach was discovered on Oct. 24, it wasn’t made public until the Colorado Republican Party revealed it in an email five days later.
Griswold defended her office’s decision not to detail the breach to the public right away, claiming she didn’t know if the passwords were active. She said she wanted to understand the “size and scope of the disclosure” first.
ARIZONA COUNTY DEFENDS RESTORING 98,000 WITH UNCONFIRMED CITIZENSHIP TO VOTER ROLLS
The Colorado Libertarian Party is suing the state over the breach.
Griswold’s office said all affected active equipment had undergone password updates with support from the Governor’s Office of Information Technology, Colorado Bureau of Investigation and Colorado’s dedicated County Clerks.
‘CONTINUED HARASSMENT’: LAWSUIT TO BAN FEDS FROM POLLING SITES FILED BY MISSOURI REPUBLICANS
Griswold insisted Colorado’s elections are safe.
The secretary’s office said it is working with a law firm on an outside investigation to determine how the breach happened, how it could be prevented and any recommendations for improvement.
It added it will also require additional cybersecurity training with all staff, including password management and security procedures.