Roughly 1.2 million Nevadans already are dealing with potential headaches from the Equifax data breach. But many also may have to confront a danger caused by another kind of online interloper — someone seeking to mess with their voter registration data.

The recently reported Equifax breach, which occurred between mid-May and July of 2017 and led to the release of 143 million people’s personal information, has raised concerns that a malicious actor or hacker looking to wreak havoc on the state’s election process could have a much easier time with personally identifiable information needed to make changes to online voting registration just a few well-placed clicks away.

Although recent reports and at least one activist have raised concerns over the possibility of the hacked information being used for nefarious purposes, Deputy Secretary of State for Elections Wayne Thornley said that the office hasn’t seen any attempts at mass online voter registration changes and that the office had safeguards already in place to prevent and detect any suspicious activity.

He added that paper voter registration was similarly vulnerable if bad actors possessed the necessary information necessary to make changes.

“It could still be done if online voter registration did not exist,” he said in an email. “We have system-wide safeguards in place, but in some ways online voter registration reduces the risk. For example, with online voter registration we can track IP address and prevent bots from using automation to make fraudulent changes. With paper applications, we do not have the same tools to prevent the massive, sudden changes you describe.”

Though the federal Department of Homeland Security last week identified 21 states targeted by Russian government hackers during the 2016 election, Nevada election officials say they were not among them.

Still, the recent data breach — one of the largest in history — and accessing of millions of names, Social Security numbers, birth dates, addresses and an undefined number of driver’s licenses has some residents worried, especially as Nevada is one of the 35 states with online voter registration.

A new study published in the Technology Science journal (published by Harvard University’s Data Privacy Lab)  in early September found that identifying and obtaining the personal information of voters — either through official government sources or black market, darknet sources — was relatively simple to automate and could be carried out on a massive scale relatively easily.

It estimated the cost of changing voter registration information for a targeted 10 percent of Nevada voters would cost a relative pittance — only $870.

The study estimated the costs it would take to submit online changes to a certain targeting percentage of registered voters state by state, including determining what information is required, obtaining the information from black market sources and then submitting the information and getting around state security systems.

“We showed that an attacker could impersonate voters and submit address changes that if accepted, could disenfranchise significant numbers of voters or disrupt elections,” the report stated.

While the study was conducted prior to the Equifax breach and widespread attention to efforts by the Russian government to interfere in the 2016 election cycle, it nonetheless found relatively easy to purchase and prepare automated attacks on voter registration records — a “leaked” Nevada voter database on a darknet website cost nearly $27, for example.

Other election officials have criticized the report as not realizing that the vast majority of states that have adopted security and mitigation measures recommended by the report, and that examples of attempted voter registration changes or fraud were few and far between.

“There’s no difference in the [voter] data you need to make those [registration] changes in an offline way … If this is a vulnerability, it’s a voter registration vulnerability, not an online voter registration vulnerability,” Judd Choate, head of the National Association of State Elections Directors, told CyberScoop.com earlier this month.

The concerns prompted Las Vegas resident and Democratic activist Marco Henry to send a letter to state and local election officials expressing concern over the potential for massive, malicious changes to voter registration.

“A malicious actor in possession of a registered Nevada voter’s name, address, date of birth, last four digits of the Social Security number, and — critically — driver’s license number has all the information required to change the resident’s voter registration online, without the voter’s knowledge,” he wrote.

Other states have implemented several safeguards including logging and reviewing changes to voter registration, prohibiting mass changes to registration information from a single IP address and mailing confirmation of changes to voters to re-confirm that they actually made the modifications to their registration information.

Nevada is also one of the 11 states that uses some form of a reCAPTCHA code to prevent mass, automated attempted changes to voter registration information, through the Technology Science report noted that advanced hackers had discovered ways to bypass the filter.

Overall, Thornley said the state believed it is well-equipped to deal with any attempt to interfere with online voter registration.

“We are confident in the system we have in place, and we have not seen any evidence of malicious actors fraudulently altering voter registration data in Nevada,” he said.