A bizarre security breach of a rural Colorado county’s voting system has in a matter of days escalated into a criminal probe of the clerk’s office, a ban on the county’s existing election equipment, and heightened partisan divides over election-fraud claims.

Footage that showed passwords related to the county’s voting systems was surreptitiously recorded during a May security update and published last week on a far-right blog, Colorado Secretary of State Jena Griswold (D) said Thursday. Griswold determined Mesa County cannot use its existing equipment for its November election.

Griswold alleged Mesa County Clerk Tina M. Peters (R) allowed the breach. A spokesperson for Mesa County confirmed a criminal probe headed by the 21st Judicial District Attorney’s Office was underway but said it was still in the early stages.

During a Thursday news conference, Griswold said Peters falsely passed off a man as a county employee and misled her office about his background check status. Days before the breach, she said Peters directed her staff to turn off the video surveillance of the voting machines, which she said has remained off until just recently.

“To be very clear; Mesa County Clerk and Recorder allowed a security breach and — by all evidence at this point — assisted it,” Griswold told reporters Thursday.

Peters did not respond to The Washington Post’s request for comment Thursday but released a statement earlier this week saying her constituents had voiced concerns about election integrity: “I have told them I will do everything in my power to protect their vote.”

Peters has spent the past several days in South Dakota at the “Cyber Symposium” held by MyPillow CEO Mike Lindell, one of the most ardent allegers of election fraud. (Lindell is being sued for defamation by Dominion Voting Systems, the company that manufactures Mesa County’s equipment.) In a keynote speech at the event Tuesday, Peters said Griswold’s investigation of her office was politically motivated.

“We would be a big jewel in our governor and our secretary of state’s crown to take over my office and control the way you vote,” Peters said, according to a recording of her speech.

The situation in Mesa County is the latest instance of how debunked claims of fraud in the 2020 election continue to ripple through the country, down to the level of local politics.

Griswold on Thursday said her office’s investigation — separate from the criminal probe recently announced by Mesa County District Attorney Daniel Rubinstein — was about integrity, not politics.

“I think it is extremely concerning that an elected official from the state of Colorado is actively working to undermine confidence and spread misinformation about our award-wining voting system,” Griswold said.

The security breach did not affect any past elections nor will it impact future ones, on account of the roughly 40 pieces of voting equipment being decertified, Griswold said. Mesa County will be responsible for the cost of completely replacing its election equipment by the end of the month or rely on hand-counted ballots.

Colorado is widely credited as having the gold-standard for election security after implementing virtually all of the recommended protocols following Russian interference in the 2016 election.

Larry Norden, who directs the Election Reform Program at the Brennan Center for Justice at the New York University School of Law, said Colorado invests in risk-limiting audits, multifactor authentication and testing before and after elections to ensure accuracy.

“If there was a [security breach] they would catch it — but you don’t want to be in that situation if you don’t have to be,” Norden told The Post. “You prefer the systems work right the first time.”

Griswold said the leaked passwords can only be used on a physical piece of equipment in the Mesa County Clerk’s Office; various authentications and safeguards make it unlikely a random person with the passwords could have meddled with the machines.

“Nobody has the keys to the castle,” she said. She conceded that it was not implausible a “bad actor” who somehow had access to both the passwords and the physical machines could compromise the security of the equipment.

After Griswold’s office learned of the breach, her investigators found an unauthorized person had been allowed into the May meeting where the secure software update was taking place. By county rules, the seven attendees are restricted to state civil servants, county employees and representatives from Dominion Voting Systems, the equipment and software manufacturer.

Peters had previously pushed for the update, known as a trusted build, to be public, which Griswold rebuffed. Griswold said the man’s presence was a violation of the rules, which Peters helped him evade.

Matt Crane, a Republican who heads the County Clerks Association and formerly served as Arapahoe County Clerk, blasted the situation in Mesa County as a “solo, intentional and selfish act.”

“We’ve heard people say that this is heroic. To be clear. There is nothing heroic or honorable about what happened in Mesa County,” Crane said while standing alongside Griswold on Thursday.

Still, he called any calls for Peters’s resignation premature: “Ultimately, it’s up to the people of Mesa County.”

Peters, who was elected in 2018, survived a 2020 recall effort. She is up for reelection in 2022.

Read more: