Federal investigators say a “security researcher” was behind a data breach at Kennesaw State University’s Center for Election Systems, and his probing of the system broke no federal law. University officials announced the finding Friday after being briefed by investigators from the Federal Bureau of Investigation, ending a monthlong probe over a potential hacking case that had raised alarms over the security of the state’s election system. In a statement, university officials acknowledged what they called “unauthorized access” to a server used by the center, which helps the state prepare elections information and has access to millions of Georgia voter records. No student data were involved in the case. They said the incident has prompted a review of the university’s digital security efforts.
“We are working with experts within the University System of Georgia and a nationally renowned outside firm to validate that KSU’s systems are secured and meet best-practice standards,” KSU President Sam Olens said in the statement. “We greatly appreciate the speed and dedication of the FBI and the U.S. Attorney’s Office in helping us resolve this issue.”
No charges have been announced and officials did not name the researcher, who is believed to have contacted the center at least twice — including once before last year’s presidential election — to notify it about the server’s vulnerabilities and apparently draw attention to them.
The Atlanta Journal-Constitution has reported previously that state officials believed the researcher never penetrated the center’s core systems, which represent the heart of its work.