Three weeks prior the recent special congressional primary election, Arizona's Secretary of State office found and addressed a cyberattack on its candidate information portal, according to legislative sources and state officials.
The hack happened on the website where candidates post their campaign materials and profiles for the state's election results page. Hackers were able to access the profiles of specific candidates and change the photos that were publicly visible on the election system during the attack.
JP Martin, a spokesman for the Secretary of State office, stated that during the week of June 23, officials shut down the candidate site after noticing odd activity. While cybersecurity specialists looked into the incident, the system was unavailable for a week.
Does Texas have a constitutional right to defy Supreme Court on protecting its border?
The office promptly alerted several organizations, including the National Guard, the Arizona Department of Homeland Security, and a private cybersecurity company, for assistance after learning of the intrusion. The investigation is still on, and all three organizations are taking part.
Candidates had to submit their information and papers using other methods that were directly coordinated with the Secretary of State's office during the portal outage. As part of increased security procedures, candidates were instructed to change their passwords once the portal was operational again.
A large portion of the candidate files and profile information on the compromised portal is public knowledge. Officials are still looking into whether the incident resulted in the access to any personally identifiable information, though.
JP Martin emphasized that the candidate portal operates separately from Arizona's voter registration and petition signature gathering systems. "No voter data was accessed," he stated, clarifying that the state's voter registration database was not affected by the incident.
Two weeks prior to the 7th Congressional District primary on July 15, the Secretary of State's office released a public statement regarding the incident on July 1. The office had "detected and successfully responded to a malicious adversary" that targeted the website, according to the notice, which offered little other specifics.
In addition to the public announcement, officials briefed a bipartisan group of state lawmakers about the breach in a private session.
Political figures such as Tyler Bowyer, Chief Operating Officer of Turning Point Action, criticized the announcement, accusing Secretary of State Adrian Fontes of hiding information from the public. Bowyer posted on social media, saying, "Don't let Fontes bury this and pretend like 'there is nothing to see here,'"
Arizona State Senator Jake Hoffman (R-LD15) escalated the criticism, characterizing Fontes' handling of what he called a "foreign cyberattack" as a "massive cover-up" and alleging that "Adrian Fontes is lying" about the incident.
In the original July 1 press release, Fontes' office stated: "The Secretary of State's Office detected and successfully responded to a malicious adversary that targeted the Arizona Secretary of State's website. These attempts were investigated, our security controls tuned for similar attack patterns, and applicable threat intelligence was shared with our cybersecurity partners."
Secretary of State Adrian Fontes defended his office's response, stating: "Our office identified patterns of activity consistent with what others are now publicly acknowledging, and we took decisive action to strengthen our defenses early on. I'm proud to say that critical systems—like Arizona's voter registration database—remained secure and protected throughout."
Martin dismissed claims that the office was trying to hide information, citing the public statement and bipartisan legislative briefing as proof of transparency. In recent remarks to the Arizona Technology Council, Fontes has highlighted the serious danger that cyberattacks pose to institutions, organizations, and democratic processes, he said.
Martin stated that it is "counterproductive" to combat these dangers to criticize companies for being transparent about cyberattacks when they happen.
The breach occurred during a critical period in Arizona's electoral calendar, just weeks before voters were scheduled to participate in the special congressional primary. The investigation involving federal agencies underscores the seriousness with which authorities are treating potential threats to election infrastructure.
Officials maintain that the integrity of Arizona's election systems was preserved throughout the incident, though the investigation continues as the state prepares for future elections.
