The Illinois State Board of Elections announced Wednesday that 700 voter records were viewed by hackers — with another 86,000 “strongly suspected” of being viewed — during a cyber-attack of the voter database earlier this summer.
That number is down significantly from Monday when state election officials estimated that personal information from 200,000 voters had been breached.
The 700 confirmed voters will be notified by mail about the hack, as will the 86,000 voters whose records may have been viewed, officials said. There are also 3,533 records viewed that couldn’t be identified.
If a voter’s records were viewed, hackers could have seen their name, address and date of birth. If a voter provided a phone number, email address, driver’s license number or the last four digits of a Social Security number, that information may also have been viewed, election officials said.
“Even if a voter’s record was viewed, the Board is sure no records have been altered or changed in any way,” the State Board of Elections said in a release.
Voters who suspect identify theft are being asked to call the Illinois Attorney General’s Identity Theft Hotline at 866-999-5630.
The breach is under investigation by the FBI in both Arizona and Illinois. In both cases, the hacks involved online voter registration data. The Illinois State Board of Elections last week detailed it in a report, calling it a “malicious cyber-attack of unknown origin,” against the database.
The board of elections became aware of the problem on July 12, and took the web site and database offline the day to protect it from further hacking, according to the report.
An analysis of the breach revealed it began on June 23. The board of elections notified the Illinois General Assembly and the Illinois Attorney General’s office about the hack on July 19. That led to an investigation by the FBI. The bureau advised that the state work with the Department of Homeland Security’s United States Computer Emergency Readiness Team to ensure there’s wouldn’t be additional breaches.
Security enhancements were finished on July 21, and the voter system was put back online, the report said. Part of that enhancement included resetting all passwords and forcing users to change their passwords; adding password encryption and resetting and encrypting passwords used by vendors and automated web services.