Colorado’s top election official reveals new details about security breach

In a worrying security lapse prior to the election, Colorado Secretary of State Jena Griswold disclosed that passwords for voting equipment were left online for four months before being discovered and removed. The passwords were released on June 21 and removed on October 24, according to Democrat Griswold. A spreadsheet with the passwords in a hidden tab was made by a former employee. According to Griswold’s office, the spreadsheet was subsequently uploaded to the Colorado Department of State’s voting system equipment subpage.

The staffer departed “amicably” prior to the breach being made public, according to Griswold’s office. Griswold, however, declined to provide specifics regarding the worker’s departure. According to Griswold’s office, the password compromise impacted 34 out of Colorado’s 64 counties. Although the breach was found on October 24, it wasn’t made public until five days later, when the Colorado Republican Party sent out an email announcing it.

Griswold justified her office’s choice to delay disclosing the incident to the public, saying she was unsure if the passwords were still active. Her initial goal, she stated, was to comprehend the “size and scope of the disclosure”. According to Jena Griswold’s office, the password compromise impacted 34 out of Colorado’s 64 counties. The state is being sued by the Colorado Libertarian Party for the violation.

According to Griswold’s office, the Colorado Bureau of Investigation, the Governor’s Office of Information Technology, and Colorado’s committed County Clerks assisted in updating the passwords on all impacted active devices. Colorado’s elections are safe, according to Griswold.