The office of the Palm Beach County Supervisor of Elections in Florida was allegedly hit by a ransomware attack in September 2016, according to the county elections supervisor.
Palm Beach County Supervisor of Elections Wendy Sartory Link, who assumed her position in January 2019, said Wednesday she did not learn about the alleged attack until late last year.
That’s when she reported it to authorities, including the FBI and Department of Homeland Security – in late November or early December 2019, according to Link.
The alleged attack was first reported in The Palm Beach Post.
The office scanned thousands of pages of code and turned them over to the FBI for analysis after learning about the alleged breach, Link said.
The FBI would neither confirm or deny it investigated or is investigating the alleged breach. DHS declined comment.
A team of six people from DHS arrived in Palm Beach in late January 2020 and worked about ten days analyzing the computer system at the election office, Link said. A final report is pending.
“I was shocked and worried – not knowing, ‘What did that mean for us today,’” Link told CNN, referring to the attack.
But Link said she believes there is no current threat on the system. Florida’s presidential primary is March 17.
The election office “caught (the attack) quickly” and was able to recover most of the documents lost from a backup system – though some documents were not recovered, according to Link.
The office will be able to successfully handle the 2020 election, Link said. Palm Beach County, like every other county in Florida, has been assessed for vulnerabilities by the state’s cyber experts, she said.
“Palm beach county is ready for this election,” she said. “And while this was an unfortunate circumstance that happened in 2016, we have taken the precautions that we can to make sure that it isn’t going to be a problem for us. We are election ready. We are cyber ready. We are looking forward to a good and successful election.”
The alleged attack was known to others in the Palm Beach election office at the time, said Link. She said she was told about it by her assistant IT director after the departure of the office’s previous IT director in November 2019.
Link said she has no reason to believe the breach impacted the 2016 election because, to her knowledge, the files involved were Excel and Word-type files and not voter files.
Tammy Jones, president of the Florida Supervisors of Elections, which represent election offices in the state’s 67 counties, said “there was no reporting mechanism” in 2016 to alert her office to the breach.
Jones said that at the time elections were not considered critical infrastructure as they are now, with strong partnerships between election supervisors, the state and the federal government.
All Florida counties have been scanned for cyber vulnerabilities and election offices are a priority, according to Jones. She said Florida has paper ballots and tabulation machines are not connected to the internet.
Florida Secretary of State Laurel M. Lee said in a statement that the department was not made aware of the alleged attack in 2016.
Lee said the department has conducted a statewide “elections-specific risk assessment” and has five “cybersecurity navigators” to directly assist county election supervisors.
“Through these measures and partnerships, the Department is confident that we have now, more than ever, a stronger defense against any potential future threats,” Lee said.
Link’s predecessor, Susan Bucher, was suspended in January 2019 by Gov. Ron DeSantis on grounds “she was unable to comply with the laws of our state and her duties as the Supervisor of Elections and failed to accurately report information related to the number of ballots that had been cast,” the governor said in a statement at the time.
Bucher did not immediately respond to CNN’s request for comment.
Broward County elections supervisor Brenda Snipes submitted her resignation in November 2018 after the completion of a recount that brought renewed scrutiny of her tenure.