Cyber Incident Victim: Palm Beach County Supervisor of Elections
Date:
Sep 2016
Location:
United States of America
Summary
A ransomware attack encrypted computer systems at Palm Beach County's election office shortly before a presidential election, discovered only later by a new supervisor during staff interviews. The incident, not publicly disclosed initially, involved compromised IT systems but did not disrupt voting processes. The office failed to report the breach to federal authorities, and its connection to broader state election interference concerns remains unclear. This event highlighted vulnerabilities in election infrastructure, coinciding with subsequent ransomware incidents affecting various Florida government entities, underscoring persistent security challenges.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Palm Beach County election office experienced a ransomware attack in September 2016, during the tenure of its previous election supervisor. The incident encrypted the office's computer systems weeks before the 2016 U.S. presidential election. The breach remained undisclosed to the public and federal authorities until 2020, when current Supervisor of Elections Wendy Sartory Link revealed it during an interview with the Palm Beach Post. Link learned of the attack while interviewing candidates for the IT director position following the termination of the prior IT director, who was arrested on unrelated child pornography charges. A candidate who served as deputy IT director during the 2016 incident referenced "the hack we had back then" during his interview, prompting Link's investigation. No evidence indicated the ransomware event was reported to the FBI or Department of Homeland Security at the time of occurrence. Voting operations proceeded without disruption during the 2016 election cycle despite the compromise.
The ransomware attack's discovery in 2020 complicated understanding of Florida's election security landscape, particularly following Governor Ron DeSantis's 2019 statement that Russian hackers breached two counties during 2016. Link acknowledged she couldn't definitively confirm whether Palm Beach County was among those referenced by DeSantis, but characterized the ransomware incident as separate. The election office completed a 10-day IT systems review shortly before the breach's disclosure. The incident highlighted persistent vulnerabilities in Florida's election infrastructure, coinciding with multiple 2019 ransomware attacks against other government entities including Stuart, Lake City, Riviera Beach, and Pensacola municipal networks. Federal officials subsequently expressed concerns that future ransomware targeting voter registration databases could disrupt electoral processes, prompting DHS initiatives to bolster database security ahead of the 2020 elections.