The Colorado Secretary of State’s Office accidentally posted a document on its website that contained multiple voting system passwords, the authorities of the US state admitted on Tuesday.
The Colorado Secretary of State’s Office said it had taken immediate action after being made aware of the breach, as well as informing the Cybersecurity and Infrastructure Security Agency. “The spreadsheet located on the Department’s website improperly included a hidden tab including partial passwords to certain components of Colorado voting systems,” officials said.
“This does not pose an immediate security threat to Colorado’s elections, nor will it impact how ballots are counted,” spokesman Jack Todd said in a press release.
The passwords were just one layer of security that protects state elections, the spokesman stressed. There are two unique passwords for every piece of election equipment, both of which can only be used with “physical in-person access” to a voting system. The systems themselves are protected by video surveillance and require ID badges to access, Todd said. “It is a felony to access voting equipment without authorization,” he added.
According to 9News, Colorado Republican Vice Chair Hope Scheppelman shared a file containing a hidden tab in a mass email, which also included an affidavit from an unnamed person who claims to have downloaded the Excel file from the state secretary’s website and was able to read the hidden tab after simply clicking ‘unhide.’
Colorado Secretary of State Jena Griswold has downplayed the incident. “To be very clear, we do not see this as a full security threat to the state. This is not a security threat,” she told 9News on Tuesday evening. Griswold noted the document had been up on the government website for several months before the error was made public.
The Colorado Republican Party released a statement, saying that over 600 so-called BIOS passwords for voting equipment in 63 of the state’s 64 counties were compromised. “It’s shocking really. At best, even if the passwords were outdated, it represents significant incompetence and negligence, and it raises huge questions about password management and other basic security protocols at the highest levels within Griswold’s office,” Colorado GOP chair Dave Williams said.
The incident comes less than a week before the US presidential election on November 5. Republicans and Democrats have accused each other of undermining faith in the fair outcome of the vote and attempting to use illicit means to sway the election in their favor.
Earlier this month, former Colorado county clerk Tina Peters was sentenced to nine years behind bars for allowing an unauthorized person to access the election system. Peters said she attempted to find evidence of the supposed voting machine fraud that Republican presidential candidate Donald Trump claimed had cost him the 2020 election. Trump continues to insist that the election was “stolen,” despite the courts and investigators not finding evidence that would back his claim.