The Hillsborough County Supervisor of Elections Office has sent out notices to 58,000 people whose personal data appears to have been breached through criminal cyber activity.
The elections office initially reported on May 3 that it was working with federal, state and local law enforcement officials to investigate an illegal data breach.
The office released an update on that investigation last week.
“The investigation has determined that an unauthorized user appears to have illegally accessed and copied files containing personal identification information, such as social security or driver license numbers, primarily from files used to conduct voter registration list maintenance,” according to a news release from Supervisor of Elections Craig Latimer’s office.
“Voter registration list maintenance is the state-mandated process by which the office continually reviews its voter roll to identify necessary updates,” the release adds.
“It’s important to note that the voter registration system and the ballot tabulation system, which have additional layers of security, were not accessed,” the release continues.
Notification letters went out last week to alert those affected.
Since this is an ongoing criminal investigation, no additional information can be shared at this time, the release added.
When the office initially reported the criminal cyber activity, Latimer informed the public, by saying: “We learned that an unauthorized user illegally accessed files on a shared drive on our network and we immediately notified federal, state and local law enforcement partners, including the Hillsborough County Sheriff’s Office, the Florida Department of Law Enforcement, the FBI, MS-ISAC, the Florida Department of State, and the cybersecurity division of Hillsborough County’s Information and Innovation Office.”
At that time, Latimer also said: “It’s very important to note that the unauthorized user did not have access to our voter registration system or our ballot tabulation system. Our voter registration system has multiple layers of protection, monitoring and redundancy. Our tabulation system does too, and uses a stand-alone, air-gapped server that is not connected to anything else. That server has not been compromised in any way.”
Published June 07, 2023
