The Colorado Department of State—the agency responsible for securing voting systems ahead of a presidential election that’s already haunted by accusations of malfeasance and interference—says that it’s done a bit of an uh-oh.
For months, the agency “improperly” hosted a publicly available spreadsheet on its website that included a hidden tab with partial passwords for its voting machines.
While the incident is embarrassing and already fueling accusations from the state’s Republican party, the department said in a statement that it “does not pose an immediate security threat to Colorado’s elections, nor will it impact how ballots are counted.”
Colorado NBC affiliate station 9NEWS reported that Hope Scheppelman, vice chair of the state’s Republican party, revealed the error in a mass email sent Tuesday morning, which included an affidavit from a person who claimed to have downloaded the spreadsheet and discovered the passwords by clicking a button to reveal hidden tabs.
In its statement, the Department of State said that there are two unique passwords for each of its voting machines, which are stored in separate places. Additionally, the passwords can only be used by a person who is physically operating the system and voting machines are stored in secure areas that require ID badges to access and are under 24/7 video surveillance.
“The Department took immediate action as soon as it was aware of this, and informed the Cybersecurity and Infrastructure Security Agency, which closely monitors and protects the [country’s] essential security infrastructure,” The department said, adding that it is “working to remedy this situation where necessary.”
Colorado voters use paper ballots, ensuring that a physical paper trail that can be used to verify results tabulated electronically.
Despite the Department of State’s reassurances that its voting systems remain secure and reliable ahead of the election, the Colorado Republican Party quickly seized on the incident to sew doubt about “the many problems with Colorado’s election system.”
In a post from its official X account, the Colorado Republican party accused Democratic Secretary of State Jena Griswold of “leaking election passwords that compromised our CO elections with less than a week to go” and asked supporters to help raise $100,000 so that the party could sue Griswold.
The accusations come weeks after a Colorado judge sentenced former Mesa County clerk Tina Peters to nine years in prison for using a stolen ID card to illegally obtain voter information, which she shared with Republicans who falsely claimed that Donald Trump won the 2020 election.