Federal investigators say a “security researcher” was behind a data breach at Kennesaw State University’s Center for Election Systems, and his probing of the system broke no federal law.
University officials announced the finding Friday after being brief by investigators from the Federal Bureau of Investigation, ending a month-long probe over a potential hacking case that had raised alarms over the security of the state’s election system.
In a statement, university officials acknowledged what they called “unauthorized access” to a server used by the center, which helps the state prepare elections information and has access to millions of Georgia voter records. No student data was involved in the case.
No charges have been announced and officials did not name the researcher, who is believed to have contacted the center at least twice – including once prior to last year’s presidential election – to notify them of the server’s vulnerabilities and apparently draw attention to them.
The Atlanta Journal-Constitution has reported previously that state officials believed the researcher never penetrated the center’s core systems, which represent the heart of its work.
Those core systems are “air-gapped,” meaning they are not connected to the internet and are not connected to the KSU server involved in the investigation. The center uses the systems to help the state build and duplicate the digital lists of eligible voters used by poll workers in each of the state’s 3,000 precincts to verify voters’ names, addresses and registration.
A spokeswoman for Kemp said the office is pleased with how federal officials conducted the investigation, which was done as the state prepares for a nationally watched special election April 18 to replace former U.S. Rep. Tom Price.
“We are pleased to learn that FBI officials have completed the investigation at KSU, and we appreciate their dedication in resolving this case,” said Kemp spokeswoman Candice Broce.
The state’s voter registration database and other election systems run by the office were not involved in the inquiry and there is no evidence they have been hacked. Officials have said that the private company used by the office to protect those systems has been on “heightened alert” since the breach.