State election officials are looking at an additional level of security after fears earlier this year that the voter database had been hacked. Matt Roberts, spokesman for the secretary of state’s office, said Monday the agency wants to implement “two-factor authentication” before anyone can get access to the list of registered voters. That would involve users providing more than just the sign-in name and password now required. The move follows what Roberts said was the FBI telling state officials nearly two months ago there was a “credible threat” that the database had been compromised. He said the state took the database offline and then examined it to see if any malware had been uploaded into it. “We were unable to find any of that,” Roberts said.
“We didn’t find any evidence that anyone had penetrated the system at all,” he explained. “It was, according to those cybersecurity folks, a localized attack where an election employee had downloaded a virus inadvertently.”
That “localized attack” was the result of a Gila County election official, who was not identified, apparently had some malware that exposed that person’s username and password for the state voter registration database.
All passwords for the state system were subsequently changed.