Colorado voting system passwords were inadvertently leaked to the public when the office of Secretary of State Jena Griswold (D) posted a spreadsheet online with a tab that included the information.
The leak was revealed Tuesday morning by Colorado Republican Party Vice Chair Hope Scheppelman, who shared the discovery of the “hidden” spreadsheet tab in a mass email that revealed the passwords when someone simply clicked, “unhide,” 9NEWS reported.
In her email, Scheppelman included an affidavit from someone who claimed they downloaded the Excel file from where Griswold’s office posted it on the Secretary of State website and accessed the passwords:
According to the person, whose name was blocked out in the email, they first accessed the spreadsheet on August 8 and last accessed it on October 23, before the mistake was noticed and removed.
The exposed information is Basic Input/Output System (BIOS) passwords that are “one part of the security process for Colorado’s voting machines,” 9NEWS reported, noting that they are needed to configure voting system settings.
“The Department took immediate action as soon as it was aware of this and informed the Cybersecurity and Infrastructure Security Agency (CISA), which closely monitors and protects the county’s essential security infrastructure,” a spokesperson from Griswold’s office told the local NBC affiliate.
“There are two unique passwords for every election equipment component, which are kept in separate places and held by different parties. Passwords can only be used with physical in-person access to a voting system,” the representative added.
Griswold appeared to shirk responsibility for the mishap in an interview with 9NEWS’s Kyle Clark, arguing that he was “unfairly characterizing and leaving out some crucial information” when asking about the current and past election security failures from her office:
“To be very clear, we do not see this as a full security threat to the state. This is not a security threat,” the secretary of state said.
“The U.S. Department of Homeland Security defines an insider threat as somebody who uses authorized access, wittingly or unwittingly, to do harm. Did the actions of your office pose an insider threat to elections?” Clark asked, to which Griswold replied, “No.”
Clark continued to press Griswold, citing a 2021 incident in which her office addressed a leak of Mesa County’s voting system passwords as a “serious breach of voting system security protocols.”
“By that standard, did your office commit a serious breach of voting system security protocols?” the journalist asked.
Griswold again denied that the latest leak was a serious security breach, saying, “The law has been significantly strengthened since then, we have multiple layers in place to ensure situations like Mesa County don’t occur.”
Clark then shot back with two more major examples of Griswold’s office casting doubt on the security of the state’s election process before asking if she will resign:
This is not the first time that your office has made mistakes that have damaged voter’s confidence in our elections. In 2022, your office sent out mailers to 30,000 non citizens, inviting them to register to vote. They, of course, are not eligible to register to vote. That same year, your office used Colorado’s ballot tracking system to send messages to specific Coloradans, encouraging them to vote when in fact they had already voted, causing confusion that had to be cleaned up by the county clerks. And now, this leak of the voting system passwords. Given your office’s repeated errors that have damaged confidence in our elections, which you say is paramount, will you resign?
Griswold appeared to be offended at the question:
Absolutely not Kyle… You are unfairly characterizing and leaving out some crucial information. We came out immediately and said a postcard had been sent out to people who are ineligible. The postcard clearly stated that someone had to be a US citizen. No one tried to register from that group of people. We were actively tracking it. And it became a situation where no one registered. And to push back even further, Kyle, Colorado is tied for number one in confidence in the country. In our elections, we have stood up to situations time and time again to protect the right of Coloradans going over and beyond what anybody would ask of civil servants in this office.
“Secretary Griswold told me today that she had not decided whether to tell you the public about that password leak before she got called out on it publicly today,” Clark said following the interview.
Matt Crane, executive director of the Colorado Clerks Association, and former Republican Arapahoe County Clerk, told the outlet that while the password leak is concerning, the clerks association is satisfied with the actions that Griswold’s office is taking to remedy the issue.
“The truth is, is this a concern? Yes,” Crane said. “Is it being mitigated? Yes. Does this mean that all of the computers are connected to the internet and that votes are being flipped? No.”
He went on to warn that other Republicans might use the issue for “political and financial purposes.”
“I want to stress here, this isn’t our Republicans, but you will have some Republicans who will use this for political and financial purposes. Whereas we as clerks, we will stay in the truth in honoring our oath of office to serve our constituents in a truthful and honest manner,” Crane argued.
According to Griswold, county clerks were not alerted to the leak at first.
“We did not decide not to disclose something to county clerks. We were actively investigating along with federal partners,” she said. “We want to try to take as measured of approaches to situations as possible and gather good information. So, along those lines, we are still in an active investigation.”
Griswold previously made an unsuccessful bid to get former President Donald Trump kicked off the ballot, which was unanimously rejected by the U.S. Supreme Court, Breitbart News reported.