Voter information for thousands was accessed
State elections officials reiterated Friday that the state has taken steps to thwart the hacking of the state’s elections system that was cited in a federal indictment handed down earlier in the day.
At a Statehouse news conference, Board of Elections spokesman Matt Dietrich said that while the indictment did not mention Illinois by name, state officials assume that the indictment’s reference to the 2016 hacking of a state elections website refers to Illinois.
The indictment merely refers to “SBOE 1” as the state elections board hacked by the Russians.
“We think it’s very likely that we are SBOE 1,” Dietrich said. “We have not received any confirmation from the Department of Justice on that. But based on the circumstances described in the indictment, we think it’s pretty likely that that’s us.”
The indictment says that in July 2016, Russian hackers hacked a board of elections website “and stole information related to approximately 500,000 voters, including names, addresses, partial social security numbers, dates of birth and drivers license numbers.”
That is substantially more than the 76,000 people previously identified by the state Board of Elections as possibly having their information compromised by a hacker.
Dietrich, though, said the state still stands behind the 76,000 figure. Dietrich thinks the indictment uses a larger figure as a matter of federal law.
“What we used to identify the voters we thought needed to be identified led us to notify 76,000,” Dietrich said. “We think there may be two different standards at play there.”
Those voters were notified of the data breach and instructed to contract the attorney general’s office if they noticed any suspicious activity with their personal information. Hackers could have had access to a person’s name, address, birth date, last four digits of their Social Security number and possibly their driver’s license number.
“We haven’t had any cases reported of that since then,” Dietrich said.
It was the Board of Elections own staff that discovered the hack. They noticed unusual activity on the office’s computer system on July 12. After checking computer logs, they realized someone was trying to hack into the system.
The next day, the Board of Elections took the website and voter registration system offline. The office determined that the cyber attacks started June 23 and continued until Aug. 12 when they suddenly stopped. Although the attacks continued, the hackers did not get into the system.
The state notified the FBI and Department of Homeland Security about the problem.
Since the incident was discovered, Dietrich said new firewall hardware and software has been installed at the Board of Elections. The board also has staff now who are focused solely on cyber security issues. The new state budget also contains $13.2 million in federal funding for improvements to voting systems.
Elections plans to use half of that money to create a “cyber security navigator” program. Security experts will work with the state and the 108 local election authorities to ensure everyone is using the best security systems and transmits voter information through a secure network.
Dietrich said the state does not know what the hackers were after.