Source guide

Recognizing and Addressing Threats to Statewide Voter Registration Databases

An unclassified DHS/CISA report presents historical reporting and threat assessments concerning voter-registration databases, outlines possible exploitation of compromised data, and recommends mitigations for state and local election officials.

Open full source PDF ↗ 11 pages Embedded source text
01

Advisory purpose and evidentiary basis

The report characterizes itself as an unclassified overview of threats from foreign and domestic actors, based on intelligence-community, law-enforcement, and state-election reporting. It is an advisory threat assessment for state and local officials, not a new investigation establishing each cited event independently.

“This product provides an unclassified overview of the threats to statewide voter registration databases from both foreign and domestic actors.”
Executive summary
Source: page 2 ↗
“It relies on reporting from the intelligence community, law enforcement, and state election officials.”
Executive summary
Source: page 2 ↗
02

Reported historical intrusions

The historical survey says Russian actors accessed voter-registration files from a U.S. county website in at least two instances in 2016. It also recounts CISA/FBI reporting that members of the Iranian Republic Guard Corp obtained voter-registration data in at least one state during 2020 attempts; these are summaries of cited reports rather than duplicate corroboration.

“in at least two separate instances, Russian actors accessed voter registration files from a US county website.”
Historical incident summary
Source: page 3 ↗
“They confirm that the actor successfully obtained voter registration data in at least one state.”
Historical incident summary
Source: page 4 ↗
03

Assessed avenues for exploitation

The report assesses that compromised identity fields could enable absentee-ballot requests for low-propensity voters or be used to alter addresses, polling places, and party affiliation; it also warns that deletion at scale could disrupt election administration. These are hypothetical attack avenues in this section, not findings that such exploitation occurred.

“That information could enable bad actors to request absentee ballots at scale for low-propensity voters.”
Potential avenue: obtaining absentee ballots
Source: page 5 ↗
“change addresses and therefore their polling place or change party affiliation to impede voting in an election.”
Potential avenue: altering voter-registration information
Source: page 5 ↗
04

Election relevance of unrelated PII breaches

The report argues that PII breaches outside voter-registration systems may still create election risk because Social Security numbers, addresses, names, birth dates, and driver’s-license numbers overlap with data used to maintain voter rolls and verify absentee-ballot requests. It provides commercial-breach examples but does not show that the exposed information was actually used against an election.

“Because much of this same data is used to verify voter eligibility, maintain voter rolls, and verify identity for absentee ballot requests”
Data Breaches Generally assessment
Source: page 9 ↗
05

Recommended mitigations

Recommendations include frequent offline backups and tested restoration, multifactor authentication and least privilege, DDoS coordination, network segmentation, endpoint monitoring, and tested incident-response and ransomware-recovery plans. The conclusion encourages state officials to collaborate with DHS on election-infrastructure security.

“States should schedule frequent, routine back-ups of the voter registration database files and store them securely offline.”
Preparedness recommendation
Source: page 6 ↗
“Enable Multifactor Authentication on all accounts.”
Phishing mitigation
Source: page 7 ↗
“Implement and enforce network segmentation.”
Ransomware mitigation
Source: page 8 ↗
“all state election officials are encouraged to collaborate with DHS on this important mission.”
Conclusion
Source: page 10 ↗