A free email newsletter breaking down the issues that affect Wichitans the most.
Delivered every Tuesday and Thursday morning
The personal information of at least 30 Sedgwick County election workers has been exposed following a data breach, according to information reviewed by The Wichita Beacon.
EasyVote Solutions, LLC, a company that Sedgwick County contracts with to manage election workers, recently became aware that some of its data may have been available online, according to Charles Davis, the company’s chief financial officer. The breach exposed the personal information of at least two poll workers in South Carolina and voter registration information in Georgia.
The company learned of the breach on Jan. 31 and reported it to Sedgwick County on Feb. 4, according to Sedgwick County Election Commissioner Angela Caudillo.
EasyVote informed Sedgwick County on Wednesday that it was not able to confirm that Sedgwick County election workers’ data had been exposed, Caudillo wrote in an email to The Beacon.
“We’ve been told by the company that they are not aware of any sensitive data from Sedgwick County that was affected,” Caudillo said on March 4.
But The Beacon reviewed information indicating that personal information of at least 30 election workers had been exposed, including some Social Security numbers, dates of birth and addresses. Using public records, The Beacon independently verified that much of the personal information, such as addresses and birth dates, was accurate.
A former poll worker whose information was on one of the forms that was disclosed confirmed with The Beacon that they filled out the form prior to becoming an election worker with Sedgwick County. The poll worker also confirmed for The Beacon that the personal information that had been disclosed was accurate.
EasyVote is investigating files that were exposed, Davis wrote in an email to The Beacon. He added that EasyVote Solutions would advise the county if its review turns up information concerning individuals in Sedgwick County. The company added that they would notify individuals if their information was exposed. As of March 9, the poll worker The Beacon spoke with said they had not been contacted by EasyVote or the county.
It’s unclear whether Sedgwick County will take independent action to notify election workers of the data breach. As of March 4, Sedgwick County had not notified election workers of the breach, Caudillo said.
What is EasyVote?
Sedgwick County approved a contract with Georgia-based EasyVote Solutions in April 2020. The $137,750 contract, which spans five years, is to help the county manage workers and supplies for elections. Applications for election workers, appointment letters and training records are among the documents that could have been uploaded to EasyVote storage systems since the contract began, Caudillo said.
But she added that since she became election commissioner in July 2021, the county has not used EasyVote to capture or upload any sensitive documents.
The EasyVote software the county uses does not generate or record ballots and is not used to determine election results, Caudillo said.
“We use the program to organize our election resources, and that includes recruitment, scheduling, and training of election worker staff,” Caudillo said. “This does not connect in any way to our voting or registration system.”
EasyVote data breach in Georgia, South Carolina
After learning about the breach Jan. 31, EasyVote disabled access to the storage location that housed the data and put it into a more secure environment, according to Davis. EasyVote also involved a cybersecurity firm to help after the breach was discovered, he added.
Caudillo directed questions about how long the data was exposed online to EasyVote. Davis did not respond to an email from The Beacon asking about the amount of time documents were exposed.
The company is currently reviewing the files that were exposed and what information they included, Davis added.
“We have been communicating with the subset of customers whose information may be involved based on the investigation to date,” Davis wrote.
State law enforcement is investigating the data breach in South Carolina, where the personal information of at least two poll workers was exposed.
While the Kansas Bureau of Investigation is not investigating a data breach related to EasyVote Solutions, according to KBI Communications Director Melissa Underwood, the Federal Bureau of Investigation is, according to The Island Packet in Hilton Head, S.C.
Dixon Land, an FBI spokesperson in Kansas City, said he could not confirm or deny the bureau was investigating the data breach.