WASHINGTON — Virginia’s Department of Elections’ next chief information officer likely had their personal information exposed, after a job posting for the position included a username and password that could be used to view applicants’ resume and personal details.
The Department of Elections told WTOP Tuesday afternoon it is “taking action” to address the issue, which allowed a reporter to see names, resumes, salary information, references, education history, home addresses, emails and phone numbers of 96 people who had applied to be head IT security for Virginia elections.
By 5 p.m. Tuesday, the login credentials had been deactivated.
The personal information of the applicants appeared to have been exposed since the application window ended more than a week ago, although it is unclear how many people may have accessed the data.
Those who applied between Jan. 17 and Feb. 3 live and work across Virginia and the country.
Several have military experience or have worked as government contractors, according to the resumes, cover letters and other information they provided on the state Department of Human Resource Management’s Recruitment Management System.
“It was a mistake, and is not systems-related,” said Anne Waring with the Department of Human Resource Management.
Waring added that the Department of Elections has confirmed that the issue has been resolved. “We are investigating how it happened,” Waring said.
Aside from information technology and systems security, the full-time position is responsible for oversight of business operations, database management and system development.
It comes with a salary of up to $150,000.
The data exposure comes as Virginia’s General Assembly moves toward additional funding for the Department of Elections to help address issues with oversight and the state’s voter registration system identified in a review last year.
Elections administrators across the country also remain concerned about cybersecurity threats.
Copyright © 2020 The Associated Press. All rights reserved. This material may not be published, broadcast, written or redistributed.