Lee.Vote Latest News Security Incident

Lee.Vote Latest News Security Incident

The Lee County Supervisor of Elections office is aware of a situation regarding the News section of its official website.

What happened?   A hacker modified a news article on the Lee SOE website to display an anti ISIS message.

Who does it affect and how many people?   No voter records were compromised by the incident as the website does not have access to the voter registration database.    An internal security review verified that the incident was isolated to the news section of the website only.

How did it happen?  There was a recent update to the Lee SOE website’s WordPress content management system, patch 4.7.0, that introduced a vulnerability for content injection attack of the REST API.    This vulnerability allowed the unauthorized changes to be made to the news section of the website.

What corrective action is being taken?   WordPress is aware of the vulnerability and has released patch 4.7.2 to close the vulnerability. The 4.7.2 patch has been applied to the Lee SOE website, resolving the issue.

When can we expect to be updated again?  We will continue to do an internal review, however pending any further patch updates from WordPress, we expect the matter has been resolved.

 

Special Message from Tommy Doyle, Supervisor of Elections: “I would like to take a moment and personally assure the voters of Lee County that their voter records are secure and have not been compromised. As always, the website and Voter Registration databases are kept separate. Lee SOE will continue to apply the latest in security patches as they become available.

Translate »