The Alaska Division of Elections announced Thursday 113,000 potential voters’ personal information such as birth dates and license numbers were exposed in a recent data breach against the state of Alaska’s voter registration system.
There was no economic information included in the data stolen, said Assistant Attorney General Cori Mills in a news conference Thursday, but it does include birth dates; driver’s license or state identification numbers; the last four digits of social security numbers; names; party affiliation and addresses.
The state is working with state and federal law enforcement, including the FBI, said Lt. Gov. Kevin Meyer, and Division of Elections worked with the vendor to contain the exposure.
“The flaw has been corrected, the purpose of the unlawful access was more to spread propaganda and hurt voter confidence,” Meyer said.
Meyer said he first became aware of the breach on Oct. 27, and began working with the vendor, PCC, law enforcement and a computer forensics firm to stop the exposure. Alaskans whose personal information was compromised will be receiving a letter in the coming days, Meyer said, informing them of recommended action and providing information on free data security services.
The breach was conducted by outside actors, said Mark Breuning, chief information security officer for the state, and voter information was viewed and copied. However, due to the ongoing investigation Breuning said he was unable to comment on where the attack was coming from or who the perpetrators were.
The data breach did not affect the results of the 2020 general election, Meyer said, and DOE and the state had complete confidence in the results of the election. The state’s ballot-counting system is completely separate from the voter registration system, and the attackers would not be able to access the election results, said Division of Elections director Gail Fenumiai
[Election results are certified, but a recount is expected in close race]
“(The attackers) did not and were not able to change any votes, anything they did with this exposure was to cause mistrust in the voting process,” Meyer said.
Asked about what kind of propaganda was believed to have been spread, Meyer said that was mostly speculation on the state’s part based on a pattern of widespread misinformation during elections. Breuning, citing the ongoing investigation, said he was unable to comment but agreed with Meyer’s assessment.
In October Alaskans were among voters targeted by messages threatening unspecified actions if they did not vote for Trump, the New York Times reported. Federal authorities found those emails were intentionally deceptive and meant to undermine confidence in elections, the Times reported.
Many details about the data exposure remain unclear, the Lt. Governor’s office said in a release, such as the exact identity of the outside actors or the precise information that was copied. The state is still investigating and following published mitigation policies, the release said.
According to the release, voters whose information may have been exposed have been or soon will be notified by mail as required by law. The letter will contain information about the event as well as instructions on how to apply for and receive one year of credit and identity monitoring provided at no cost through Equifax, the release said.
In January Equifax settled with the Federal Trade Commission for its own 2017 data breach.
DOE also established a toll-free number that voters can call to check their status or ask questions: 1-833-269-0003.
• Contact reporter Peter Segall at psegall@juneauempire.com. Follow him on Twitter at @SegallJnuEmpire.
