MADISON, WI – This afternoon, the U.S. Department of Homeland Security notified the Wisconsin Elections Commission for the first time that “Russian government cyber actors” unsuccessfully targeted the state’s voter registration system in 2016.
WEC Administrator Michael Haas has informed WEC Chair Mark Thomsen, who directed Commission staff to investigate why election officials were not notified earlier and report to the Commission at its meeting Tuesday.
“This scanning had no impact on Wisconsin’s systems or the election,” Haas said. “Internet security provided by the state successfully protected our systems. Homeland Security specifically confirmed there was no breach or compromise of our data.”
Wisconsin is one of 21 states whose chief election officials were notified Friday by DHS officials that their systems were targeted by Russians, said Haas. DHS did not disclose which other states were notified, but said the states were free to disclose the information.
According to DHS, it appears that Internet-facing election infrastructure in Wisconsin was targeted by Russian government cyber actors. They scanned internet-connected election infrastructure likely seeking specific vulnerabilities such as access to voter registration databases, but the attempt to exploit vulnerabilities was unsuccessful.
Haas said the Commission is seeking more specific information, including when the scanning activity occurred in 2016.
The news that 21 states were targeted was first announced by DHS at a U.S. Senate Intelligence Committee hearing on June 21, 2017. Coincidentally, Haas also testified at that hearing and said in response to questions that the Elections Commission had not been notified by DHS and concluded that Wisconsin was not one of the targeted states.