The controversial decision made by Arizona Secretary of State Adrian Fontes to handle a suspected Iranian cyberattack on the state's elections website without involving federal authorities has drawn increasing criticism. Recently justifying the decision by claiming that it was required to prevent political exploitation of the security breach.
Adrian Fontes, said his office was able to stop hackers who used pictures of the late leader of Iran's Islamic Revolution, Ayatollah Khomeini, in place of candidate photos on the state's election portal. After learning of the hacking on June 23, Fontes was able to restore the website, which was the target of the attack and involved a portal where political candidates upload their images and biographical information.
However Fontes' response to the issue has also drawn criticism. He said during a weekend TV appearance that he purposefully avoided informing state political parties or candidates about the security concern and did not get in contact with the Cybersecurity and Infrastructure Security Agency (CISA).
"I just can't trust that this administration takes election security seriously, versus using it for political theater," Fontes said, explaining his perspective for keeping federal authorities in the dark. "We did not want this politicized, so we figured we could take care of it, which we did very effectively and very quickly with other partners."
Republicans strongly disagreed with Fontes' choice of proceeding with it alone, claiming that the Secretary of State put political concerns ahead of cybersecurity procedures. Requests for public records have been made by the Arizona Republican Party, which is seeking information on how the incident happened, what data might have been compromised, and the steps being taken to stop similar attacks in the future.
"With critical election infrastructure potentially compromised, voters deserve answers—not silence," Republican Party Chair Gina Swoboda said in a statement criticizing Fontes' approach.
Although the Secretary of State has insisted repeatedly that no private information was compromised in the hack, his response to the situation calls into question his leadership in areas related to election security.
Working with outdated technology that has proven vulnerable to outside hacking, Fontes is working to prepare Arizona's electoral systems for the 2026 midterm elections.
"But we are up against the wall," Fontes admitted when discussing the state's cybersecurity needs. "November 2026 is right around the corner, and these sorts of fixes take a lot of time."
He stated that in order to modernize the outdated computer systems that were the focus of the attack, he is requesting emergency "stopgap" funding from state legislators.
Fontes is in a difficult position as a result of the event since cybersecurity experts suspect that foreign attackers may have intentionally targeted Arizona.
The state's chief cybersecurity officer, Ryan Murray, stated that there is "moderate confidence" that the attack came from Iran and that, out of comparable attempts across the country, Arizona's intrusion was the only one to be successful.
"I would say, definitely," Murray said when asked if Arizona appears to be a primary target. "Either this was just a threat actor getting very lucky with a vulnerability that they found and were able to take advantage of, or we're a target."
Fontes' strategy is reflective of his larger conflicts with federal officials and his expressed doubts about their dedication to real election security as opposed to political propaganda. Even though he was ultimately successful in restoring the website, his decision to manage the situation on his own has sparked debate over whether state election officials, regardless of political affiliations, should work more closely with federal cybersecurity organizations.
