Weak Internet-security measures at the Federal Election Commission could impair the agency’s ability to carry out one of its primary missions: making information about who is funding U.S. elections available to the public. The FEC hasn’t implemented improvements that were recommended after a series of attacks on its website—including at least one successful hack—leaving it vulnerable to future breaches, according to three previously unreported internal reports. It took the agency weeks to get its campaign-finance disclosure system fully back up to speed after an attack by hackers in China disrupted its operation during the October 2013 government shutdown, when all of the agency’s 335 employees had been furloughed.
The FEC said no private information about donors, voters or other individuals was obtained during the hack. But weaknesses in FEC systems, which one report said the agency had known about for more than a decade, raise questions about the security of the large amount of personal financial data the agency holds. That data includes bank account information that the FEC has collected as part of investigations into possible violations of campaign-finance law.
The FEC’s troubles fit a broader pattern in which the government has struggled to ward off hacking. Last week, U.S. officials said they suspected that hackers in China stole the personal records of as many as four million people in a breach of Office of Personnel Management computers. Russian hackers also are suspected in a large, long-running breach of State Department computers.