Colorado election breach controversy escalates and draws Trump's attention
Add Axios as your preferred source to
see more of our stories on Google.
Colorado Secretary of State Jena Griswold, right, spoke at a news conference Oct. 24. Photo: Hyoung Chang/The Denver Post via Getty Images
Colorado Secretary of State Jena Griswold discovered leaked passwords for Colorado's voting system five days before it became public and didn't change the codes until the controversy exploded into view.
Why it matters: The lack of transparency is intensifying scrutiny of the state's voting system — including from former President Trump's campaign — and amplifying the blowback against the state's top election official at a crucial moment.
Catch up quick: An employee at the Secretary of State's Office mistakenly posted a spreadsheet to its website that included a hidden tab containing what are known as BIOS passwords used to adjust the voting system's settings, according to a statement Tuesday.
- The confidential passwords were visible online for months, 9News reports. They are one of two barriers needed to access the system in person, which also requires security clearance, the office said.
- The employee is no longer working for the office, Griswold said, but spokesperson Jack Todd would not disclose whether the person was fired for their actions.
The latest: A Colorado law firm representing the Trump campaign demanded Wednesday that she disclose more information about counties affected and halt processing mail ballots until new accuracy tests are completed, according to a letter obtained by 9News.
- A Republican state senator called Thursday for the Legislative Audit Committee to conduct an emergency investigation, and House GOP lawmakers asked Griswold to resign.
- The governor's office also announced it would provide staff and logistical support to help the secretary's office complete password updates.
Threat level: Griswold and local election officials said the miscue does not pose an immediate security threat to the election or ballot count.
- The spokesperson told Axios Denver that a team is now updating the passwords "out of an abundance of caution" but would not share more details.
What they're saying: "It's bad. Let me emphasize that we have other precautions in place, but the fact that a serious breach occurred is troubling," former Republican Colorado Secretary of State Wayne Williams told 9News.
- Attorney General Phil Weiser told the TV station that a thorough review is critical "to ensure that our elections are safe, and that every vote is counted."
Between the lines: The secretary became aware of the issue Oct. 24 — five days before the Colorado Republican Party disclosed the breach to the public, she later acknowledged to local media.
- The same day she held a news conference about a separate election fraud investigation in Mesa County and learned about the cybersecurity issue afterward.
- The office first notified federal cybersecurity defense officials and launched an internal investigation, she said.
- County clerks who manage the election were not informed until the controversy became public knowledge. "We wanted to be responsible in gathering our information and had pursued that investigation," Griswold told CPR.
The other side: In interviews, Griswold has said an initial investigation suggested it was an "accident" and unintentional. The disclosure of election passwords could lead to felony criminal charges.
- She took responsibility for the problem and rejected GOP criticism, saying she would "keep doing my job."
