TAMPA, Fla. — An investigation determined the Hillsborough County Supervisors of Elections Office underwent an illegal data breach in early May, exposing more than 50,000 voters' information.
An unauthorized user appeared to have illegally accessed and copied files containing personal identification information, such as social security or driver's license numbers, the Hillsborough County Supervisor of Elections Office said in a news release. The user was able to gather the information from files used to conduct voter registration list maintenance.
"Voter registration list maintenance is the state-mandated process by which the office continually reviews its voter roll to identify necessary updates," a news release reads. "It's important to note that the voter registration system and the ballot tabulation system, which have additional layers of security, were not accessed."
The county believes around 58,000 people were impacted and those people will receive notification letters in the next week to make them aware that their personal information was illegally accessed.
The files were illegally accessed on May 3. At the time, Hillsborough County Supervisor of Elections Craig Latimer reassured residents that the unauthorized user didn't have access to the voter registration system or the ballot tabulation system.
He further explained that the voter registration system had multiple layers of protection, monitoring any redundancy and said the server was not compromised during the breach.
The investigation into the unauthorized user accessing Hillsborough County voters' information is ongoing. The Hillsborough County Supervisor of Elections Office is working with federal, state and local law enforcement officials to address the criminal cyber activity.
One cybersecurity investigator gave insight as to why a hacker would do something like access data from a government agency. Andrew Sternke runs his own cybersecurity business called DarkBox Security Systems.
He said hackers get financial gain from having your personal information.
"Basically what they do is they access this information, they will turn around and try to sell that information via the dark web in order to make money," Sternke said.
If you get a letter alerting you that your information was accessed, Sternke said to change your passwords, use two-factor authentication and keep a close eye on your bank accounts.