Data Exfiltrated From Alaskan Voter Registration ServersOfficials Believe Stolen Data Used for Voter Intimidation, Propaganda
Hackers exfiltrated voters’ personally identifiable information from online voter registration servers in Alaska in September, and the information likely was used for voter intimidation and propaganda purposes, state officials say.
Registered voters’ names, dates of birth, driver’s licenses or state identification numbers, last four digits of their Social Security numbers, mailing addresses and party affiliation were compromised, according to officials at the Alaska Division of Elections.
Election officials told the Juneau Empire newspaper that 113,000 voter records were potentially exposed.
"The flaw they [hackers] exploited did not allow them to manipulate the data in the system,” state election officials said in a statement. “The evidence thus far indicates the actors used the information for voter intimidation and propaganda, which was likely their primary goal."
The hackers gained access to the data between Sept. 19 and Oct. 17, but the breach wasn’t discovered until Oct. 26, officials said. Although certain data was copied and removed, officials say there’s no evidence any data residing on the servers was altered or deleted.
"I have full confidence in the voting process and in the final 2020 election results," says Lieutenant Governor Kevin Meyer. "Our voting procedures, ballot tabulation systems and election review processes are not linked to the voter registration system that was compromised, and we have other safeguards that ensure every voter’s registration can be verified."
"The state’s preliminary investigation confirmed the initial findings – that Alaskan voter records were extracted from a publicly exposed web page by an unauthorized party using publicly available tools, but no data was altered," state officials said in the statement.
"An extensive investigation was also performed on the impacted servers, including a review of event logs and an audit of system memory, for indicators that data had been altered or deleted. There were no signs of this, either.”
The hackers attempted to gain access using several other methods but were rebuffed by the system’s cybersecurity defenses, officials said.
The Alaska Division of Elections did not immediately respond to Information Security Media Group’s request for comment.
Federal officials released a flurry of warnings in the weeks leading up to the 2020 presidential election regarding disinformation campaigns.
Ironically, the U.S. Cybersecurity and Infrastructure Security Agency in September said claims made by foreign actors that they hacked voter data bases were inaccurate (see: FBI, CISA Again Warn of Election Disinformation Campaigns).