Arizona’s office in charge of elections unintentionally released the home addresses and telephone numbers of hundreds of voters whose records were supposed to be shielded from public disclosure, in an error that persisted for months and reached outside political and consumer data firms. The incident affected people enrolled in the state’s address confidentiality program — a measure intended to protect victims of domestic violence, sexual assault and stalking — as well as individuals who were protected through court order, including judges, prosecutors and law enforcement personnel. State statute explicitly bars the secretary of state from disclosing any address or telephone number for voters in that program unless a court order or another government entity requires it.
The problem began in February 2024, when a records analyst in the elections office asked for assistance pulling voter data to respond to public records requests. Rather than running the established public-facing report designed to automatically exclude protected voters, the director of voter registration, administration and technology advised a different method that bypassed the built-in redaction. That alternative query exposed the otherwise confidential addresses and phone numbers, and the analyst — unaware a protected population had been included — distributed the files to requestors as part of the office’s routine records process. Internal emails and contemporaneous records show the incorrect extraction and the failure of the usual two-step check that would have caught the error.
Weeks before the 2024 presidential election, staff in the secretary of state’s office learned the protected data had been released and began efforts to retrieve copies from recipients and to notify affected voters. The disclosure ultimately reached at least four out-of-state political data firms and a researcher at the University of Arizona; three of the commercial recipients also advertise consumer data services. Records indicate that at least eight people received the confidential data directly from the elections office. One recipient later provided the information to a Florida-based polling operation called American Promise; that recipient has said it believed American Promise deleted the records but the organization did not directly confirm deletion to state officials.
For nearly nine months, the office continued responding to public records requests without realizing that protected contact information had been included in some releases. The issue surfaced by chance during an Oct. 9, 2024 meeting, when an employee familiar with the proper reporting process recognized that something had gone wrong. After the discovery, the office attempted to claw back data it had released and informed the voters whose records had been exposed. Only a handful of the 373 people notified responded to the outreach; those who did seek specifics about when their information was disclosed and which entities were given access. The office provided those voters with documents showing which recipients had received their records and how each entity responded to the state’s retrieval efforts.
The secretary of state at the time demanded swift accountability when he learned of the error, and the office subsequently fired the director who had overseen voter registration, administration and technology. Office leadership maintained that the director had instructed the analyst to run the query that exposed the protected data and had bypassed the required double-check. The director disputed that account in written messages to colleagues, saying he did not show the analyst how to use the database’s ballot search function and asking the analyst to clarify when and where any training had occurred. Records show the analyst maintained she recalled being shown the feature by the director in February, shortly before ballots for the state’s presidential preference election were mailed. Efforts to speak with the director were stymied when an obituary appeared for him; the office later confirmed his death.
Officials described the mistake as a breakdown in following established policies and procedures intended to ensure protected records are redacted automatically. The chief of staff for the secretary of state’s office apologized for the lapse and said staff members had “fallen down on the job,” adding that the office had worked to rectify the problem and to notify those affected. A spokesperson for the office said staff pursued the proper investigative steps to retrieve the data from original recipients and were examining whether the information had spread further after the initial release. At a later point, the spokesperson said there was no update on whether any additional organizations may have obtained the confidential records.
The disclosure prompted alarm among some of the affected voters. Messages the office received from those notified asked for precise dates of the breach, requested names of parties who received their information, and sought an explanation of how the release occurred and what measures were being taken to ensure it would not happen again. One respondent identified themselves as a police officer who had long relied on court-ordered protections for their contact information. A forensic psychiatrist who specializes in violence risk assessment described the breach as “definitely unsettling” for people enrolled in confidentiality programs, saying the situation strips away a layer of protection those individuals expected. The state senator who sponsored the legislation that created Arizona’s voter confidentiality program called the incident “a breach of trust,” noting that even if no harm can be proven, the error will seed doubt about the program’s reliability.
Records provided by the office show that some recipients cooperated with retrieval efforts; other aspects remain unresolved. The office released documents to affected voters listing recipients and the responses they supplied to the state’s requests to delete or return the data. One recipient told state staff it believed that a downstream recipient had deleted the records, but the state did not obtain direct confirmation from that downstream organization. The office has said it is still reviewing the scope of distribution and whether additional entities beyond those initially identified got access to the protected information. The disclosure underscores that the failure of a single procedural step in a high-volume records process can expose sensitive information about a small, legally protected group of voters.
Illustration by Michelle Perez showing voters with fragmented, overlaid data — a visual metaphor for Arizona’s accidental release of protected voters’ addresses and contact information.
The office has said it apologized to affected voters and is taking steps intended to prevent recurrence, including internal investigations and personnel actions. The state law that created the confidentiality program remains unchanged in its prohibition against disclosing addresses and phone numbers of program participants except in narrowly defined circumstances. Officials have provided the individuals whose information was released with records of which outside organizations received their data and what those organizations reported back to the state. Beyond that notification and the office’s retrieval efforts, records do not document any confirmed physical harm resulting from the disclosure, and the scope of any downstream dissemination beyond the organizations identified in the office’s records remains under review.
