Colorado secretary of state reveals voting equipment passwords were posted online for 4 months

A former staff member created a spreadsheet that contained the passwords in a hidden tab. The spreadsheet was then posted on the Colorado Department of State's subpage for voting system equipment, Griswold's office said.

Griswold's office said the employee left "amicably" before the breach was made public. However, Griswold refused to share specific details about the employee's departure. 

Griswold's office determined that 34 of Colorado's 64 counties were affected by the password breach.

While the breach was discovered on Oct. 24, it wasn't made public until the Colorado Republican Party revealed it in an email five days later.

Griswold defended her office's decision not to detail the breach to the public right away, claiming she didn't know if the passwords were active. She said she wanted to understand the "size and scope of the disclosure" first.

Griswold's office said all affected active equipment had undergone password updates with support from the Governor's Office of Information Technology, Colorado Bureau of Investigation and Colorado's dedicated County Clerks.

Griswold insisted Colorado's elections are safe.

The secretary's office said it is working with a law firm on an outside investigation to determine how the breach happened, how it could be prevented and any recommendations for improvement. 

It added it will also require additional cybersecurity training with all staff, including password management and security procedures.