US officials have told election authorities in 21 states that hackers targeted their systems before last year’s presidential election.
The notification came roughly a year after the US Department of Homeland Security (DHS) first said states were targeted by hacking efforts possibly connected to Russia, prompting criticism by some politicians for the delayed disclosure.
The states that told The Associated Press news agency that they had been targeted included some key political battlegrounds, such as Florida, Ohio, Pennsylvania, Virginia and Wisconsin.
The other states that confirmed they were contacted were Alabama, Alaska, Arizona, California, Colorado, Connecticut, Delaware, Illinois, Iowa, Maryland, Minnesota, North Dakota, Oklahoma, Oregon, Texas and Washington.
Being targeted does not mean that sensitive voter data was manipulated or results were changed.
Even so, the widespread nature of the attempts and the year-long lag before the notification from Homeland Security raised concerns among some election officials and politicians.
For many states, Friday’s phone calls were the first official confirmation of whether their states were on the list – even though state election officials across the country have been calling for months for the federal government to share information about any hacks, as have members of Congress.
“It is completely unacceptable that it has taken DHS over a year to inform our office of Russian scanning of our systems, despite our repeated requests for information,” California Secretary of State Alex Padilla, a Democrat, said in a statement.
“The practice of withholding critical information from elections officials is a detriment to the security of our elections and our democracy.”
Virginia Senator Mark Warner, the top Democrat on a committee that is investigating Russian meddling in last year’s election, has been pushing the department for months to reveal the identities of the targeted states.
He said states need such information in real time so they can strengthen their cyber defences.
“We have to do better in the future,” he said.
Homeland Security said it recognises that state and local officials should be kept informed about cybersecurity risks to election infrastructure.
“We are working with them to refine our processes for sharing this information while protecting the integrity of investigations and the confidentiality of system owners,” it said in a statement.
Links to Russia
The government did not say who was behind the hacking attempts or provide details about what had been sought, though local media reported that some states were told by officials that they believe agents of the Russian government were behind the attempted hacks.
Election officials in several states told The Associated Press that the attempts were linked to Russia.
Federal officials said that in most of the 21 states the targeting was preparatory activity such as scanning computer systems.
The targets included voter registration systems but not vote tallying software. Officials said there were some attempts to compromise networks but most were unsuccessful.
Only Illinois reported that hackers had succeeded in breaching its voter systems.
Other states said their cybersecurity efforts turned back efforts to get to crucial information.
Earlier this year, a leaked National Security Agency report detailed that hackers obtained information from a company that provided software to manage voter registrations in eight states.
The May report said hackers sent phishing emails to 122 local election officials just before the November 2016 election in an attempt to break into their systems.
The latest disclosure to the states comes as a special council investigates whether there was any coordination during the 2016 presidential campaign between Russia and associates of Donald Trump.
Trump, a Republican who defeated Democrat Hillary Clinton in the presidential election, has called the Russia story a hoax.
He has said Russian President Vladimir Putin “vehemently denied” the conclusions of numerous American intelligence agencies.