HILLSBOROUGH COUNTY, Fla. — The Hillsborough County Supervisor of Elections office has sent notification letters to thousands of voters impacted by a data breach.
According to the office, a cyber criminal stole the personal information of roughly 58,000 people.
The office said it's working with federal, state, and local law enforcement to investigate the breach.
Investigators said the hacker accessed and copied files which contained personally identifiable information, including social security or driver license numbers.
A spokesperson for Hillsborough County Supervisor of Elections Craig Latimer said notification letters were mailed through the U.S. Postal Service on Wednesday. Those impacted by the hack should receive their letters within the next few days.
According to a press release, the cyber criminal stole the personal info "primarily from files used to conduct voter registration list maintenance."
"It's important to note that the voter registration system and the ballot tabulation system, which have additional layers of security, were not accessed," the news release clarified.
Latimer, meanwhile, has said responding to the breach is his top priority.
"Elections are critical infrastructure, and any attack on our office — even one that does not interfere with the conduct of an election — is an attack on our community and our democracy," he wrote in a previous post.
According to Alper Yayla, an associate professor of cybersecurity at the University of Tampa, data breaches are becoming more and more common.
“Unfortunately, they are very common, and we only see the big ones," he said.
Yayla said cyber criminals — who are often hard to track down — sell the personal information on the dark web. Other criminals who buy the info can use it to steal identities, take out loans, and apply for credit cards.
That’s why cybersecurity expert Ian Marlow, the CEO of FITECH Consultants, said anyone impacted should use a service like TransUnion, Equifax, or CreditWise to lock down their credit.
“If anyone from a financial standpoint attempts to open a credit card, take out a loan, or use your personal information that was gathered in this type of a breach to hurt you, it will stop that process from happening," Marlow said. “It’s absolutely well worth that little bit of pain now to avoid a lot of pain later.”
Marlow said it’s also important for the elections office to patch whatever gap in security allowed the breach to happen in the first place, so a similar breach doesn't happen again.
“The question at the end of the day isn’t really the why," he said. "It’s the how. And this shows that, obviously, that there are holes in security design — in the network where this information is being held.”
