Voter Records Copied Off Compromised Illinois Voter Registry

The Illinois State Board of Elections online voter registration has been hacked.

“The attackers took advantage of a programming flaw in the website’s database. The attack, known as a ‘SQL injection,’ occurs in databases using the SQL programming language,” the Hill explains. 

Unless properly configured, SQL databases can be tricked into running commands entered by any website visitor.

According to The Southern Illinoisan, the attack on the statewide Illinois Voter Registration System occurred July 12, and the system was shut off July 13 as a precaution once the board realized the severity of the attack.

The registration database is a frequent target of cyberattacks, said Ken Menzel, the board’s general counsel, but “this is the first time that we’re aware of that anybody’s gotten into anything — not for lack of trying.”

A statement from Kyle Thomas, director of the board’s voting and registration systems division, says the board believes the attack was the work of foreign hackers.

Board officials are in the process of determining the number of records exposed and the names of all the individuals affected.

Officials have no evidence that the attackers added, changed or deleted any information in the database. Efforts to extract voter signature images and voter histories were not successful.

Incident cleanup has caused online voting outages for about a week.