SPRINGFIELD — The Illinois State Board of Elections’ online voter registration system remained down Thursday afternoon in the wake of a cyberattack last week.
The attack on the statewide Illinois Voter Registration System occurred July 12, and the system was shut off July 13 as a precaution once the board realized the severity of the attack, according to a message sent to local election authorities.
Hackers exploited “a chink in the armor in one small data field in the online registration system,” said Ken Menzel, the board’s general counsel.
“We’re in the process of analyzing the tracks left by the attack,” Menzel said. “We’re still not ready to say exactly what might have been gotten into.”
The registration database is a frequent target of cyberattacks, he said, but “this is the first time that we’re aware of that anybody’s gotten into anything — not for lack of trying.”
Menzel said the board is confident that no voter information in the database was altered and will follow the proper notification procedures if any personal information was compromised.
McLean County Clerk Kathy Michael on Wednesday night posted a copy of a message attributed to Kyle Thomas, director of the election board’s voting and registration systems division, on her Facebook page. It reads, in part: “(Hackers) were able to retrieve a number of voter records. We are in the process of determining the exact number of voter records and specific names of all individuals affected. (Because of the complex methods used to access the data, this may take 10-15 days.)”
Thomas’ statement also noted that the board believes the attack was the work of foreign hackers.
Alex Heid, chief research officer for cybersecurity startup SecurityScorecard, wrote in an email that the type of attack launched against the State Board of Elections’ database is not a rare occurrence.
“Attacks against government databases and voter registration databases are commonplace, and are happening with increasing frequency as vast amounts of data becomes digitized and stored online,” Heid said, noting a 2014 hack of the federal HealthCare.gov website and the 2015 discovery by a “whitehat researcher” of “multiple exposed databases of voter registration information” in the U.S. and Mexico.
“The bureaucracy of government is the biggest obstacle to rapid response to information security incidents,” Heid said. “Attackers do not abide by rules and regulations, whereas those tasked with defense have to operate within their own frameworks.”