Colorado scrambles to change voting-system passwords after accidental leak

The department also cited "strict chain of custody requirements that track when a voting systems component has been accessed and by whom," and it said that each "Colorado voter votes on a paper ballot, which is then audited during the Risk Limiting Audit to verify that ballots were counted according to voter intent."


Goal is to change all passwords by this evening


Griswold described the upload as an accident and said the mistake was made by a civil servant who no longer works for the department. "Out of an abundance of caution, we have people in the field working to reset passwords and review access logs for affected counties," she said.


Gov. Jared Polis and Griswold, who are both Democrats, issued a joint update about the password changes today. The Polis administration is providing support "to complete changes to all the impacted passwords and review logs to ensure that no tampering occurred."


"The Secretary of State will deputize certain state employees, who have cybersecurity and technology expertise and have undergone appropriate background checks and training," the statement said. "In addition to the Department of State Employees and in coordination with county clerks, these employees will only enter badged areas in pairs to update the passwords for election equipment in counties and will be directly observed by local elections officials from the county clerk's office. The goal is to complete the password updates by this evening and verify the security of the voting components, which are secured behind locked doors by county clerks."


Griswold said she is "thankful to the Governor for his support to quickly resolve this unfortunate mistake." Griswold told Colorado Public Radio that her department has no reason to believe the passwords were posted with malicious intent, but said that "a personnel investigation will be conducted by an outside party to look into the particulars of how this occurred."