Georgia AG’s Office Closes Investigation Into Alleged 2018 Hack Attempt Of Voter Registration System

Mar 3, 2020

The Georgia Attorney General’s office has closed an investigation into allegations that the Democratic Party of Georgia tried to breach the state’s voter registration system just days before the 2018 gubernatorial election, an explosive claim that heightened tensions over voting rights in the state.

In a memo dated Monday March 2, Attorney General Chris Carr's office said an inquiry from the Georgia Bureau of Investigation found “no evidence of damage to the SOS network or computers, and no evidence of theft, damage, or loss of data.”

“From my review, while the evidence in this case properly gave rise to concerns that were appropriately addressed to law enforcement, the investigation did not reveal any evidence to support the criminal prosecution of Mr. Wright for the commission or the attempt to commit any of the computer crimes outlined above,” the memo reads.

Then-Secretary of State Brian Kemp sent out a press release Sunday, Nov. 4, 2018, announcing an investigation into the Democratic Party of Georgia after a “failed hacking attempt” of the state’s voter registration system.

Richard Wright, a private citizen, claimed to find vulnerabilities with the state’s online voter registration system (OLVR) and My Voter Page (MVP) that could allow someone to view personally identifiable information. He forwarded that information to a lawyer representing plaintiffs suing the state and a volunteer for the Democratic Party of Georgia.

That volunteer forwarded the message up a chain that eventually made it to the secretary of state’s office.

The attorney general’s office said the “timing and source of notification” of the vulnerabilities added to “the already heightened sense of concern” and said the evidence properly gave rise to concerns that were appropriately addressed by law enforcement.

“We appreciate the Georgia Bureau of Investigation and Attorney General’s Office for investigating a failed cyber intrusion before the November 2018 election," Gov. Kemp's spokeswoman Candice Broce said in a statement. "More importantly, we are grateful that the systems put in place by Brian Kemp as Georgia’s Secretary of State kept voter data safe and secure.” 

A review by ProPublica and GPB News in the hours following the announcement found the state did quietly patch the state’s voter registration system, but the memo from the AG’s office suggests those fixed other minor vulnerabilities, and the particular issues claimed by Wright “were not found to be accurate.”

“Fortalice (a SOS third party vendor) confirmed vulnerabilities did exist on the MVP and OLVR webpages, and PCC (the third party provider responsible for the network) fixed those vulnerabilities,” the memo reads.

In a statement, Democratic Party of Georgia Chair State Sen. Nikema Williams (D-Atlanta) said this was closure on an investigation she called a “sham from the start.”

"More than a year after the sitting Secretary of State leveraged baseless accusations against his political opponents, we’re finally receiving closure on an ‘investigation’ that has been a sham from the start,” Williams said. “As we have since well before these outright lies came to light in the first place, Georgia Democrats will continue to do everything in our power to fight back against voter suppression, protect and expand our voter rolls, and put Georgia’s voters first."

This story will be updated as more information becomes available.