Colorado voting system partial passwords accidentally posted on government website

(This Oct. 29 story has been corrected to clarify that the comments are from the CISA spokesperson in paragraph 6)

By Jasper Ward

WASHINGTON (Reuters) – Partial passwords to some parts of the state’s voting systems that were accidentally posted online pose no threat to the Nov. 5 general election, the Colorado Department of State said on Tuesday.

The department said a spreadsheet located on its website “improperly” included a hidden tab containing partial passwords to certain components of Colorado voting systems.

“This does not pose an immediate security threat to Colorado’s elections, nor will it impact how ballots are counted,” it said.

The department said it took immediate action and informed the Cybersecurity and Infrastructure Security Agency (CISA).

A CISA spokesperson said the agency is aware of the incident and is in communication with the Colorado Secretary of State’s Office.

“We understand the incident only impacts voting systems in Colorado and defer to the Secretary of State’s office for mitigation specifics,” the spokesperson said.

Hope Scheppelman, the vice chair of the state’s Republican Party, said over 600 passwords for voting systems in 63 of Colorado’s 64 counties were shared on the website. She said the passwords were not encrypted and had been posted since at least August.

Scheppelman released an affidavit of a person claiming to have accessed the passwords from Aug. 8 to Oct. 23. The name of the person was blocked out. Reuters was not able to independently verify it.

In its statement, the Colorado Department of State said the state’s election process includes many layers of security.

“There are two unique passwords for every election equipment component, which are kept in separate places and held by different parties,” it said. “Passwords can only be used with physical in-person access to a voting system.”

It added that there are strict chain-of-custody requirements that track when a voting system component has been accessed and by whom.

(Reporting by Jasper Ward; Editing by Michael Perry)
