By Zachary Stieber
Passwords for Colorado’s voting systems were online for four months, Colorado Secretary of State Jena Griswold said in a Nov. 4 statement.
An employee with the secretary of state’s office uploaded the spreadsheet containing the passwords on June 21, Griswold said. The spreadsheet remained online until Oct. 24.
The employee who posted the passwords is no longer working for the office, Griswold has said. In the new update, the Democrat clarified that the staffer “amicably left” the job “before this matter took place.”
The public was not informed about the security problem until Oct. 29, five days after Griswold’s office said it discovered the issue. The Colorado Republican Party first informed the public about the situation.
“Making this public without understanding the size and scope of the disclosure, and without having a concrete plan for determining our technical and outreach strategy, would run contrary to cybersecurity best practices and carried a significant risk of fueling the major disinformation environment that surrounds elections today,” the secretary of state’s office said.
The passwords were for some voting system components. Officials say they aren’t enough by themselves to access a system. The passwords can only be used when people access the system in person, and voting equipment, under state law, must be stored in rooms that require a secure identification badge to enter.
The disclosed passwords covered systems in 34 of Colorado’s 64 counties, according to state officials. The Colorado Republican Party has said the disclosure affected 63 of the 64 counties.
Colorado officials said they since have changed all the passwords.
“Colorado’s elections are safe and Coloradans will have their voices heard on Election Day. Our elections have many layers of security. Ensuring that Colorado’s elections are secure and accessible has been and will always be our top priority, which is why the Department of State, along with County Clerks and election workers across the state, address any and every potential risk to our elections with the utmost seriousness,“ Griswold said on Monday. ”I am regretful for this error. I am dedicated to making sure we address this matter fully and that mistakes of this nature never happen again.”
The secretary of state’s office has hired an unidentified law firm to investigate how the situation unfolded and how it could be prevented in the future. The office says it will “release any findings as the law permits.” It is also planning to mandate all staff members take additional cybersecurity training.
Colorado Republicans have called for Griswold to step down in the wake of the password disclosure, but she has so far declined to do so. The 40-year-old, who once worked for former President Barack Obama’s campaign, has been in office since 2019.
The Colorado Libertarian Party sued Griswold and her top employee, Christopher Beall, alleging they breached their legal duty with the disclosure of the passwords and improperly changed the election rules to allow for the passwords to be changed.
“We are compelled to take this legal route to ensure that such lapses in security are not only corrected but are prevented in the future,” James Wiley, a candidate in Colorado’s 3rd Congressional District and one of the plaintiffs, said in a statement. “Voter confidence is at stake, and it is our duty to safeguard the trust in our electoral systems.”
Discover more from USNN World News
Subscribe to get the latest posts sent to your email.