Update: EasyVote Solutions, LLC, the company at the center of a data breach that impacted Sedgwick County election workers, has wrapped up its investigation of the incident and is notifying people who were impacted, Election Commissioner Angela Caudillo said.
The company will provide credit monitoring and identity theft protection for one year to those who had their full Social Security number or driver’s license number exposed, Caudillo told the Sedgwick County Commission on April 6. She added that she’s advocating for EasyVote to also provide credit monitoring and identity theft protection for election workers who had a partial Social Security number exposed.
EasyVote’s investigation “determined that an unauthorized individual accessed certain files in their online storage system,” Caudillo said. “They were not able to determine definitively whether other files were accessed, so they reviewed all files in that location to determine who might be at risk.”
Documents for some Sedgwick County election workers were included in that storage location.
Editor’s note: We updated this story on April 4 to clarify that two election workers told us the county notified them that their personal information was not on documents that may have been compromised in the data breach despite documents showing that it was, according to our review. We also revised the story to clarify that five other election workers we spoke with received two separate letters from the county with conflicting information about their personal information and the breach.
A week after the Sedgwick County Election Office began notifying election workers of a data breach by a county contractor that may have exposed over 800 workers’ personal information, confusion reigns among many.
At least two election workers told The Wichita Beacon they received notices in the mail that the county did not find any documents with their name or personal data that were compromised. This is in contrast to documents reviewed by The Beacon, which showed that these workers’ names and Social Security numbers were exposed.
“Received my letter from Sedgwick County. It says they found no evidence my information was exposed. Obviously that was not true,” wrote Brad Heyen in an email to The Beacon. The Beacon shared a document with Heyen that showed his personal data was exposed. “That is a tad bit frustrating.”
At least five election workers The Beacon spoke with also received two separate letters from the county election office, telling them conflicting information. One of the letters told them that no documents with personal information were compromised, while another told them that documents containing their name and partial or full Social Security number were in a list of documents that were compromised.
Sedgwick County Election Commissioner Angela Caudillo said an error in sorting the notifications caused some people to receive two letters with conflicting information from the county.
The election office is reaching out to those who received two letters to provide them with accurate information, Caudillo wrote in an email to The Beacon. The three people who received an initial letter informing them that their data was not compromised will be receiving a follow-up letter and will be contacted by the election office.
Individuals with questions should call the Sedgwick County election office at 316-660-7100 or email the office at email@example.com.
The data breach originated from EasyVote Solutions, LLC, a county contractor that helps manage election workers. The company became aware that some of its data may have been available online on Jan. 31 and alerted Sedgwick County on Feb. 4.
Last week, Caudillo announced her office would alert about 5,000 active and inactive election workers of the breach and what personal information could have been exposed. About 829 workers had documents uploaded to EasyVote’s software with personal information, including 168 workers’ Social Security numbers or driver’s license numbers, 82 workers’ partial Social Security numbers and 579 workers’ names, addresses and dates of birth.
Files independently reviewed by The Beacon indicate that exposed files of at least 181 individual election workers — 13 more than announced by the county — contained a full Social Security number or driver’s license number. The Beacon first reported the data breach on March 10.
The sensitive documents were Sedgwick County election worker applications and human resources onboarding paperwork.
“Why would they have a third party handling human resources or information like that?” asked Richard Moreno, whose personal information was exposed in the breach.
EasyVote is conducting an investigation into what files were exposed and what information was included, wrote Charles Davis, the company’s chief financial officer, in an email to The Wichita Beacon. As of March 30, Davis wrote in an email to The Beacon that the investigation was “nearing conclusion.”
EasyVote should be providing additional information to the election office later this week, Caudillo told The Beacon.
EasyVote informed the county election office that it will notify and assist any individuals whose Social Security number data was found to be compromised.
- A 15-year-old’s suicide while in Kansas foster care came amid a shortfall in mental health care November 27, 2023
- Kansas regulators give Evergy a smaller electrical rate hike than it asked for November 21, 2023
- Two killings, two very different cash bonds — and a debate about fairness in Wichita November 15, 2023