You have reached your limit of free articles this month.

Enjoy unlimited access to myAJC.com

Starting at just 99¢ for 8 weeks.

GREAT REASONS TO SUBSCRIBE TODAY!

  • IN-DEPTH REPORTING
  • INTERACTIVE STORYTELLING
  • NEW TOPICS & COVERAGE
  • ePAPER
X

You have read of premium articles.

Get unlimited access to all of our breaking news, in-depth coverage and bonus content- exclusively for subscribers. Starting at just 99¢ for 8 weeks

X

Welcome to myAJC.com

This subscriber-only site gives you exclusive access to breaking news, in-depth coverage, exclusive interactives and bonus content.

You can read free articles of your choice a month that are only available on myAJC.com.

As many as 7.5 million voter records involved in Georgia data breach


Millions of Georgia voters may have had their personal information compromised for the second time in as many years, as the Federal Bureau of Investigation opened an investigation Friday at Kennesaw State University’s Center for Election Systems involving an alleged data breach.

As many as 7.5 million voter records may be involved, according to a top state official briefed on the information but not authorized to speak on the record. Neither federal officials nor university officials would confirm the scope of the investigation or how many records had potentially been accessed.

State officials found out about the breach Thursday evening, after being notified by the university. The governor’s office said it asked the Georgia Bureau of Investigation to contact the FBI after learning about the scope of the problem.

“After learning of this incident at Kennesaw State University, we reached out to law enforcement,” Georgia Secretary of State Brian Kemp said. “This matter is deeply concerning, but I am confident the FBI working with KSU will track down the perpetrator.”

The university in a statement released Friday afternoon said it was “working with federal law enforcement officials to determine whether and to what extent a data breach may have occurred involving records maintained by the Center for Election Systems.”

“Because this involves a pending criminal investigation, Kennesaw State will have no further comment on this matter and any inquiries should be addressed to the U.S. Attorney’s Office,” the statement said.

The FBI had no immediate comment. A spokesman for the U.S. Attorney’s Office also declined to comment because the investigation is ongoing.

The Georgia Secretary of State’s Office said Friday that the investigation is not related to its own network and is not a breach of its own, separate database containing the personal information of 6.6 million voters currently registered in Georgia. The office referred all other questions to both university and federal officials.

In 2015, the Secretary of State’s Office inadvertently disclosed the Social Security numbers and other private information of more than 6 million registered voters. That data went to 12 organizations, including media outlets and political parties, who regularly subscribe to “voter lists” maintained by the state, although the office later said all 12 discs containing the data were either recovered or destroyed.

The election systems center at the university has since 2002 overseen the state’s election operations and voting machines. It does that work through an agreement with the Secretary of State’s Office. It does not, however, maintain live databases or the state’s official voter registration database.

The collaboration with the center is one of the most unusual election partnerships in the nation. Merle King, the center’s executive director, is respected nationally for his deep knowledge of election systems. The center has only one client — the state – and only a handful of staff and student assistants, yet it has a hand in almost every operation that touches Election Day.

It creates every ballot for every election and tests every single piece of voting equipment used across the state, among other things.

The center also sources every single device known as an electronic poll book (a digital list of eligible voters) used by poll workers in each of the state’s 3,000 precincts to verify voters’ names, addresses and registration.

It pulls those names from the Secretary of State’s Office’s database, although the list at the center is itself not live on the internet. It is instead housed on a closed, internal system at the center. The voting transaction logs kept on those electronic poll books are also not directly housed on the internet but rather on the center’s servers.

That is by design. While anything is possible, the system has different layers of security and controls built into it to limit and detect unauthorized access.

If a breach occurred involving voter records, it would likely have to do with the logs used to create the electronic poll books. It also would likely have come through the university’s own information technology system, given the statement from the Secretary of State’s Office that its network and systems were not involved.

The university’s IT system would have provided the most likely gateway into the center’s servers and into the logs used by the center to build the poll books.

It is unclear, however, exactly how it happened, exactly what information was taken or whether the breach was malicious.

Tony Uceda Velez, the CEO of the Atlanta-based data security company VerSprite, is not involved in the probe but said he would expect federal investigators to cast a wide net in piecing together what happened.

“They’re going to comb through network logs, going to look at server logs, they’re going to look at application logs and they’re basically going to try to piecemeal a time of when the attack happened and what types of activities happened on the network and on those different sources,” Uceda Velez said.

“I know a lot of people at the university and there are a lot of good people there,” he said, “and I’m sure they’re doing the necessary steps around forensic analysis and incident response.”

Staff writer Greg Bluestein and Channel 2 Action News reporter Aaron Diamant contributed to this article.



Reader Comments ...


Next Up in Georgia Politics

Trump administration could begin enforcing travel ban Thursday
Trump administration could begin enforcing travel ban Thursday

The Trump administration is scrambling to figure out how it will begin enforcing its travel ban in Georgia and across the nation perhaps as soon as Thursday, though many important questions remain unanswered about it. Hoping to prevent the sorts of chaos and confusion that followed the government’s first travel ban in January, Atlanta-area advocates...
Georgia saves up to $56 million booting ineligibles from health plan
Georgia saves up to $56 million booting ineligibles from health plan

Georgia’s massive health care plan that covers teachers, state employees, retirees and their dependents is hoping to save big money by kicking ineligible Georgians off the rolls. Department of Community Health officials audited employees and dependents on the plan, which covers 640,000 Georgians. It found that almost 16,000 dependents...
Lacking enough support, Senate GOP delays health care vote
Lacking enough support, Senate GOP delays health care vote

Senate Republican leaders hit the brakes on their proposal to overhaul the health care system Tuesday, throwing into doubt the fate of the party’s central campaign promise and injecting a major dose of uncertainty into an industry that encompasses one-sixth of the nation’s economy. The move, which came in the face of mounting dissent from...
More data seized from NSA leak suspect in Georgia
More data seized from NSA leak suspect in Georgia

Authorities have gathered additional classified information in the National Security Agency leak investigation here beyond what the suspect is accused of revealing to the news media about Russia’s meddling in the U.S. election system, according to federal prosecutors. Without identifying the information or saying where they got it, the prosecutors...
Appellate court rules against Oxendine, keeps ethics complaint alive
Appellate court rules against Oxendine, keeps ethics complaint alive

Former Georgia Insurance Commissioner John Oxendine lost another round in his court fight to have accusations dismissed over his handling of campaign money during his failed 2010 bid for governor. A Superior Court judge last year rejected Oxendine’s bid seeking dismissal of the state ethics commission complaint and ruled that the ethics panel...
More Stories