Next Story

Democrats cry foul as House Republicans redraw district lines

As many as 7.5 million voter records involved in Georgia data breach


Millions of Georgia voters may have had their personal information compromised for the second time in as many years, as the Federal Bureau of Investigation opened an investigation Friday at Kennesaw State University’s Center for Election Systems involving an alleged data breach.

As many as 7.5 million voter records may be involved, according to a top state official briefed on the information but not authorized to speak on the record. Neither federal officials nor university officials would confirm the scope of the investigation or how many records had potentially been accessed.

State officials found out about the breach Thursday evening, after being notified by the university. The governor’s office said it asked the Georgia Bureau of Investigation to contact the FBI after learning about the scope of the problem.

“After learning of this incident at Kennesaw State University, we reached out to law enforcement,” Georgia Secretary of State Brian Kemp said. “This matter is deeply concerning, but I am confident the FBI working with KSU will track down the perpetrator.”

The university in a statement released Friday afternoon said it was “working with federal law enforcement officials to determine whether and to what extent a data breach may have occurred involving records maintained by the Center for Election Systems.”

“Because this involves a pending criminal investigation, Kennesaw State will have no further comment on this matter and any inquiries should be addressed to the U.S. Attorney’s Office,” the statement said.

The FBI had no immediate comment. A spokesman for the U.S. Attorney’s Office also declined to comment because the investigation is ongoing.

The Georgia Secretary of State’s Office said Friday that the investigation is not related to its own network and is not a breach of its own, separate database containing the personal information of 6.6 million voters currently registered in Georgia. The office referred all other questions to both university and federal officials.

In 2015, the Secretary of State’s Office inadvertently disclosed the Social Security numbers and other private information of more than 6 million registered voters. That data went to 12 organizations, including media outlets and political parties, who regularly subscribe to “voter lists” maintained by the state, although the office later said all 12 discs containing the data were either recovered or destroyed.

The election systems center at the university has since 2002 overseen the state’s election operations and voting machines. It does that work through an agreement with the Secretary of State’s Office. It does not, however, maintain live databases or the state’s official voter registration database.

The collaboration with the center is one of the most unusual election partnerships in the nation. Merle King, the center’s executive director, is respected nationally for his deep knowledge of election systems. The center has only one client — the state – and only a handful of staff and student assistants, yet it has a hand in almost every operation that touches Election Day.

It creates every ballot for every election and tests every single piece of voting equipment used across the state, among other things.

The center also sources every single device known as an electronic poll book (a digital list of eligible voters) used by poll workers in each of the state’s 3,000 precincts to verify voters’ names, addresses and registration.

It pulls those names from the Secretary of State’s Office’s database, although the list at the center is itself not live on the internet. It is instead housed on a closed, internal system at the center. The voting transaction logs kept on those electronic poll books are also not directly housed on the internet but rather on the center’s servers.

That is by design. While anything is possible, the system has different layers of security and controls built into it to limit and detect unauthorized access.

If a breach occurred involving voter records, it would likely have to do with the logs used to create the electronic poll books. It also would likely have come through the university’s own information technology system, given the statement from the Secretary of State’s Office that its network and systems were not involved.

The university’s IT system would have provided the most likely gateway into the center’s servers and into the logs used by the center to build the poll books.

It is unclear, however, exactly how it happened, exactly what information was taken or whether the breach was malicious.

Tony Uceda Velez, the CEO of the Atlanta-based data security company VerSprite, is not involved in the probe but said he would expect federal investigators to cast a wide net in piecing together what happened.

“They’re going to comb through network logs, going to look at server logs, they’re going to look at application logs and they’re basically going to try to piecemeal a time of when the attack happened and what types of activities happened on the network and on those different sources,” Uceda Velez said.

“I know a lot of people at the university and there are a lot of good people there,” he said, “and I’m sure they’re doing the necessary steps around forensic analysis and incident response.”

Staff writer Greg Bluestein and Channel 2 Action News reporter Aaron Diamant contributed to this article.

Staff writer Greg Bluestein and Channel 2 Action News reporter Aaron Diamant contributed to this article.


Reader Comments ...

Next Up in Georgia Politics

Abrams campaign deputy resigns after appearing on Russian-funded media
Abrams campaign deputy resigns after appearing on Russian-funded media

A high-level staffer for Democrat Stacey Abrams resigned after he promoted the gubernatorial candidate on a Russian government-funded media outlet that the FBI is investigating as part of a potential Kremlin-backed operation to influence last year’s presidential election. Marcus Ferrell, an Abrams deputy campaign manager, was interviewed...
Georgia Democratic candidate deletes ‘embarrassing’ Facebook posts
Georgia Democratic candidate deletes ‘embarrassing’ Facebook posts

A Democratic candidate for a metro Atlanta state Senate seat last week deleted years-old comments made on social media after being accused of being anti-gay and misogynistic. Jaha Howard, a dentist who last year was the only Democrat to run against state Sen. Hunter Hill and came within 4 percentage points of the incumbent, said he was embarrassed...
Perdue abandons Obama regs meant to aid small poultry farmers
Perdue abandons Obama regs meant to aid small poultry farmers

U.S. Agriculture Secretary Sonny Perdue moved to kill a set of Obama-era regulations on Wednesday that was designed to level the legal playing field between poultry farmers and the large processing companies that ultimately deliver that chicken to America’s dinner plates. His decision will have major implications for Georgia, which leads the...
The Right is cheering Trump’s latest efforts to find an alternative to Obamacare
The Right is cheering Trump’s latest efforts to find an alternative to Obamacare

A roundup of editorials Wednesday lauds President Donald Trump’s plan to cut portions of the Affordable Care Act. From Sens. Tom Cotton and Pat Toomey: Sens. Cotton and Toomey have introduced a bill to exempt many from the individual mandate, killing the penalty Obamacare imposed. From Townhall.com: Trump's new regulation would give people the...
The Left wonders why Trump is targeting his own base on health care
The Left wonders why Trump is targeting his own base on health care

A roundup of editorials Wednesday questions President Donald Trump’s reasoning for changes to the Affordable Care Act. The Detroit Free Press: Maybe Trump’s attacks on health care coverage are linked to a new study that shows those who live longer vote Democratic.  From the St. Louis Post-Dispatch: It is up to the Republicans in Congress...
More Stories