Partial passwords to some Colorado voting systems were inadvertently posted online but pose no threat to the security of the upcoming November 5 general election, according to the Colorado Department of State.
The department disclosed that a spreadsheet on its website had mistakenly included a hidden tab with partial passwords for certain components of the state’s voting infrastructure. In response, officials acted promptly, removing the document and notifying the Cybersecurity and Infrastructure Security Agency (CISA). “This does not pose an immediate security threat to Colorado’s elections, nor will it impact how ballots are counted,” the department affirmed.
CISA confirmed awareness of the incident and is working with the Colorado Secretary of State’s Office. “We understand the incident only impacts voting systems in Colorado and defer to the Secretary of State’s office for mitigation specifics,” said a CISA spokesperson.
Hope Scheppelman, vice chair of Colorado’s Republican Party, alleged that over 600 unencrypted passwords for voting systems in 63 of Colorado’s 64 counties had been available online since August. She cited an affidavit from an unnamed individual who claimed access to the passwords from August 8 to October 23, though Reuters was unable to verify the document.
In its statement, the Colorado Department of State emphasized the state’s robust election security protocols. “Each election system component has two unique passwords stored separately and managed by different parties,” the department noted, adding that passwords are only functional with in-person access to the voting systems. Chain-of-custody requirements also meticulously document access to each component, ensuring comprehensive tracking and accountability.
The state continues to reassure voters of secure and accurate election processes as November 5 approaches.