Pillar 04 · 2 documents · 12 pages

Noncitizens on State Voter Rolls

The "Noncitizens on State Voter Rolls" collection consists of two Department of Homeland Security documents released together in mid-2026. The first, a one-page DHS fact sheet titled "Preventing Alien Voting," claims that over 250,000 non-citizens are illegally registered to vote in California, Pennsylvania, New Jersey and Nevada, and reports that as of June 22, 2026, twenty-five states had run more than 68 million registration records through the enhanced SAVE verification system, flagging over 400,000 deceased registrants and over 28,000 non-citizens. The second, an 11-page July 2026 unclassified DHS/CISA report, catalogs a decade of cyber threats to statewide voter registration databases — including asserted Chinese breaches before the 2020 election, Russian intrusions in 2016, Iranian data theft in 2020, and vendor supply-chain failures — and prescribes security measures for election officials. Together the documents pair contested claims of large-scale non-citizen registration with a technical warning that voter rolls themselves are vulnerable to foreign manipulation, while also revealing that key SAVE enhancements were suspended by court order pending appeal.

Election Integrity · From the White House release

According to a D.H.S. review of state voter rolls and public records, they identified approximately 278,000 non-citizens who are registered to vote in federal elections. Since Democrat states refused to share their voter files, the real number is actually much higher—yet even this limited analysis found more than a quarter of a million foreigners illegally registered to vote.

Put together, these disclosures reveal an election system so broken and vulnerable that no one can possibly defend it. Hundreds of millions of U.S. voter files are in the hands of foreign governments, our machines and ballot-counting systems are exposed to hacking and manipulation, China and other countries have been trying to meddle in our elections, evidence of fraud has been buried, hundreds of thousands of non-citizens and dead people are listed and active on the voter rolls—and yet, we still have elections with no Voter I.D., no Proof of Citizenship, and tens of millions of ballots floating aimlessly through the mail.

By the numbers

What the documents record

The record

What this collection contains

The collection pairs a political-facing enforcement summary with a technical threat assessment, both centered on the integrity of state voter registration rolls.

The centerpiece claim comes from the DHS fact sheet [1], which states that a review of the first public voter files from four states that had not used the SAVE system — California, Pennsylvania, New Jersey and Nevada — revealed "over 250,000 non-citizens" illegally registered to vote, with election officials in those states notified and the investigation expanding. The same document reports that, as of June 22, 2026, twenty-five states had processed more than 68 million registration records through USCIS's enhanced SAVE system, ten of them submitting full voter lists, yielding over 400,000 deceased registrants and over 28,000 non-citizens identified. A state-by-state table shows Texas leading in deceased registrants (111,573) and Georgia in non-citizen matches (2,549), down to Idaho's 49. The fact sheet also discloses a significant legal constraint: many SAVE enhancements "have been suspended pending appeal" following rulings by Judge Sparkle Sooknanan, whom the document labels an "activist." Its closing section is overtly political, attributing the problem to Biden administration "open border policies" and contrasting "alien-first" with "American-first" states — framing that signals the document is advocacy as much as reporting. DHS also commits to supporting a DOJ review of voter files under the National Voter Registration Act of 1993 and the Help America Vote Act of 2002.

The companion report [2], a July 2026 unclassified DHS/CISA product, argues the rolls themselves are a national-security vulnerability. It asserts that recently declassified records show China breached multiple state voter registration systems before the 2020 election, and that hackers have attempted breaches in all 50 states with confirmed successes in at least 20 — while "experts have routinely minimized" the significance. Its incident history spans 2016–2023: Russian SQL-injection access to county voter files and theft of roughly 500,000 voter records in July 2016, a Riverside County party-affiliation alteration scheme, a hacked verification-software vendor, a January 2017 federal assessment that at least seven states were compromised, Kennesaw State University's exposure of nearly 7 million Georgia records in 2017, Iranian actors obtaining voter data in at least one of 12 targeted states in September 2020, and a 2023 New Hampshire vendor whose replacement database software connected to Russian servers and contained the hard-coded Ukrainian national anthem. The report's core warning is that stolen registration data "does not get stale": 2021 breach data could fuel mass absentee-ballot requests in 2028 or quiet, distributed alteration of registrations. It prescribes offline backups, multifactor authentication, network segmentation, 15-day patching of critical vulnerabilities, and 30-day recoverable backups, and situates election data within a broader PII-breach landscape — 143 million affected in 2017, 2.9 billion records in 2024, 22.65 million in 2025.

Read together, the collection advances a dual thesis: that non-citizen registrations exist at scale on rolls in non-SAVE states, and that those same rolls are exposed to foreign cyber manipulation — while the redaction bar on the fact sheet and its partisan framing invite scrutiny of the headline numbers.

Themes in this collection
Claimed non-citizen registration at scale

DHS asserts over 250,000 non-citizens are registered in California, Pennsylvania, New Jersey and Nevada, plus 28,000 more identified via SAVE in 25 participating states, framing it as a national security threat that dilutes citizens' votes.

The SAVE system and list maintenance

Twenty-five states processed 68+ million records through USCIS's enhanced SAVE system by June 22, 2026, identifying over 400,000 deceased registrants; a table ranks ten 'Proactive SAVE User States' led by Texas and Georgia.

Legal and judicial constraints

Many SAVE enhancements were suspended pending appeal due to rulings by Judge Sparkle Sooknanan, and DHS pledges support for a DOJ voter-file review under the NVRA and HAVA.

Foreign cyber intrusions into voter databases

The DHS/CISA report catalogs Russian, Chinese and Iranian operations from 2016–2023, claiming attempted breaches in all 50 states, confirmed successes in at least 20, and a declassified Chinese breach of multiple state systems before the 2020 election.

Vendor and supply-chain risk

Incidents include a hacked voter-verification software vendor (2016), Kennesaw State's exposure of nearly 7 million Georgia records, and a 2023 New Hampshire vendor whose offshored software connected to Russian servers.

Weaponization of stolen voter data

The report warns breach data 'does not get stale' — records stolen in 2021 could drive mass absentee-ballot requests in 2028 or carefully distributed alteration and deletion of registrations that evades detection.

Prescribed defenses

Recommended mitigations include offline backups, multifactor authentication, DMARC, network segmentation, .gov domains, Malicious Domain Blocking and Reporting, 15-day critical-vulnerability patching, and 30-day recoverable backups.

Partisan framing

The fact sheet attributes non-citizen registration to Biden administration 'open border policies' and contrasts 'alien-first' with 'American-first' states, blending enforcement data with political messaging.

Chronology

Timeline drawn from the documents

Open the timeline 16 dated entries
June 2016
Russian government cyber actors exploit SQL database vulnerabilities and access voter registration files from a US county website in at least two instances, per FBI reporting.
July 2016
Riverside County, California DA reveals a bad actor used the state voter registration website to change party affiliations of many voters; separately, Russian actors hack a state board of elections website and steal information on ~500,000 voters.
August 2016
Russian actors hack a U.S. vendor supplying voter-registration verification software; DHS and FBI later confirm Russian probing of voter registration databases in all 50 states during 2016.
January 2017
White House officials report the federal assessment that voter registration networks in at least seven states were compromised.
March 2017
Kennesaw State University, which supported Georgia's voter registration database, is found to have exposed nearly 7 million voter records — including driver's license and Social Security numbers — possibly for up to seven months.
July 2017
A credit reporting firm breach affects a potential 143 million U.S. citizens.
February 10, 2020
DOJ indicts four members of China's People's Liberation Army in connection with a major data breach.
September 2020
CISA and FBI report Iranian Republic Guard Corp members obtained voter registration data in at least one state and targeted 11 others where success could not be determined.
Before November 2020
Per recently declassified records cited in the report, China breached multiple state voter registration systems prior to the 2020 election.
2022
Chinese actors scan state government websites.
2023
New Hampshire officials discover a vendor replacing the state's voter registration database offshored the work; the software was configured to connect to Russian servers and contained the hard-coded Ukrainian national anthem, corrected before deployment.
April 2024
A background check firm breach exposes 2.9 billion records covering 170 million individuals, offered on the Dark Web for $3.5 million.
June 2025
An insurance provider breach affects 22.65 million individuals.
June 22, 2026
DHS reports 25 states have processed more than 68 million registration records through the enhanced SAVE system (10 states processing full voter lists), identifying over 400,000 deceased registrants and over 28,000 non-citizens.
circa June 2026 (undated)
DHS fact sheet claims over 250,000 non-citizens are illegally registered in California, Pennsylvania, New Jersey and Nevada; notes SAVE enhancements suspended pending appeal after rulings by Judge Sparkle Sooknanan; pledges support for DOJ voter-file review under NVRA and HAVA.
July 2026
DHS/CISA publish the unclassified report 'Recognizing and Addressing Threats to Statewide Voter Registration Databases,' warning election officials and prescribing mitigations.
The documents

Every document in this collection

Summaries and key findings below are drawn solely from each document. Open the original PDF alongside any entry.

U.S. Department of Homeland Security 1 page

Preventing Alien Voting

unmarkedfact sheetlight redactions

This one-page Homeland Security fact sheet claims that a review of voter files found over 250,000 non-citizens illegally registered to vote in California, Pennsylvania, New Jersey and Nevada. It also reports that, as of June 22, 2026, 25 states checked more than 68 million registration records against a federal citizenship database, flagging over 400,000 dead registrants and 28,000 non-citizens. The document blames Biden-era border policies for the problem.

“OVER 250,000 NON-CITIZENS ARE ILLEGALLY REGISTERED TO VOTE IN JUST THE FOUR STATES FOR WHICH PUBLIC DATA FILES HAVE BEEN REVIEWED.”

From this document, p. 1
Full summary & key findings

DHS claims that a review of public voter files from states not using its immigration-status verification system (SAVE) found over 250,000 non-citizens illegally registered to vote in California, Pennsylvania, New Jersey and Nevada, and says those states' election officials have been notified. The fact sheet reports the investigation is expanding and that DHS will support the Justice Department's review of voter files under the National Voter Registration Act of 1993 and the Help America Vote Act of 2002. As of June 22, 2026, it says 25 states had run more than 68 million registration records through the enhanced SAVE system (10 processing full voter lists), identifying over 400,000 deceased registrants and over 28,000 non-citizens; a table of ten "proactive" states is led by Texas (111,573 deceased; 2,296 non-citizens) and Georgia (2,549 non-citizens). It notes SAVE enhancements were suspended pending appeal, blaming "activist Judge Sparkle Sooknanan," and attributes the problem to Biden-era "open border policies," contrasting "alien-first" with "American-first" states.

  • DHS claims over 250,000 non-citizens are illegally registered to vote in just four states — California, Pennsylvania, New Jersey and Nevada — based on review of public voter files from states that have not used the SAVE system.
  • State election officials in California, Pennsylvania, New Jersey and Nevada have been notified; DHS says the investigation is expanding to multiple additional states.
  • DHS states it will support the Department of Justice's review of voter files obtained under the National Voter Registration Act of 1993 and the Help America Vote Act of 2002.
  • As of June 22, 2026, 25 different states had processed more than 68 million registration records through the SAVE system; 10 states processed their full voter lists.
  • DHS says SAVE processing enabled states to identify over 400,000 deceased registrants and over 28,000 non-citizens who illegally registered to vote.
  • A 'Proactive SAVE User States' table lists deceased/non-citizen counts: Georgia 42,776/2,549; Ohio 59,774/769; Tennessee 37,850/1,009; Texas 111,573/2,296; North Carolina 34,622/1,599; Idaho 4,328/49; Alabama 33,165/465; Missouri 10,660/1,112; Louisiana 15,231/419; Kansas 10,197/449.
  • The document states that other states signed Memoranda of Agreement with USCIS to use SAVE, but that many SAVE enhancements 'have been suspended pending appeal' due to the actions of 'the activist Judge Sparkle Sooknanan.'
  • The closing 'UNAMBIGUOUS CONTRAST' section attributes the situation to 'open border policies of the Biden administration' and asserts states with 'alien-first policies' have disproportionate numbers of non-citizens on voter rolls.
  • The document characterizes non-citizen registration as a 'serious threat to national security' and warns US citizens 'are at risk of having their votes diluted by ineligible alien voters.'
View original PDF 135 KB · 1 pp
U.S. Department of Homeland Security / Cybersecurity and Infrastructure Security Agency July 2026 11 pages

Recognizing and Addressing Threats to Statewide Voter Registration Databases

UNCLASSIFIEDreport

This DHS report warns state election officials that hackers have tried to break into voter registration databases in all 50 states, succeeding in at least 20, and says recently declassified records show China breached several state systems before the 2020 election. It recounts past incidents, including Russian hackers stealing about 500,000 voter records in 2016, and warns stolen data could be used to request absentee ballots or quietly alter registrations years later.

“Recently declassified records revealed that China breached multiple state voter registration systems prior to the 2020 election.”

From this document, p. 2
Full summary & key findings

The report tells state and local election officials that recently declassified records revealed China breached multiple state voter registration systems before the 2020 election, that hackers have attempted breaches in all 50 states with confirmed successes in at least 20, and that experts have routinely minimized these breaches. It catalogs incidents from 2016-2023: Russian actors accessing county voter files and stealing about 500,000 voter records, a Riverside County, California party-affiliation alteration scheme, Russian hacking of a voter-verification software vendor, a January 2017 federal assessment that at least seven states' networks were compromised, Kennesaw State University exposing nearly 7 million Georgia voter records, Iranian actors obtaining voter data in at least one of 12 targeted states, and a New Hampshire vendor's replacement database software configured to connect to Russian servers. The report warns stolen data could be used to request absentee ballots at scale or quietly alter or delete registrations, cites non-election breaches affecting 143 million (2017), 2.9 billion records (2024), and 22.65 million people (2025), and prescribes safeguards including offline backups, multifactor authentication, network segmentation, 15-day patching of critical vulnerabilities, and collaboration with DHS.

  • The report states that recently declassified records revealed China breached multiple state voter registration systems prior to the 2020 election.
  • Hackers have attempted to breach voter registration systems in all 50 states, with confirmed successes in at least 20 states, while experts have routinely minimized the significance of these breaches.
  • In June 2016, Russian government cyber actors exploited SQL database vulnerabilities and, in at least two instances, accessed voter registration files from a US county website, per FBI reporting.
  • In July 2016, the Riverside County, California District Attorney revealed a bad actor used the state's voter registration website and voters' personal data to change the party affiliation of a large number of registered voters without consent.
  • In July 2016, Russian actors hacked a state board of elections website and stole information on approximately 500,000 voters, including names, addresses, partial Social Security numbers, dates of birth, and driver's license numbers; in August 2016 they hacked a U.S. vendor supplying voter-registration verification software.
  • DHS and FBI confirmed Russian actors probed voter registration databases in all 50 states in 2016; in January 2017 White House officials reported the federal assessment that networks in at least seven states were compromised.
  • In March 2017, Kennesaw State University, which supported Georgia's voter registration database, was found to have exposed nearly 7 million voter records, including driver's license and Social Security numbers, possibly for as long as seven months.
  • In September 2020, CISA and FBI reported members of the Iranian Republic Guard Corp obtained voter registration data in at least one state and targeted 11 others where success could not be determined.
  • In 2023, New Hampshire officials discovered a vendor replacing the state's voter registration database had offshored part of the project; the software was configured to connect to servers in Russia and a programmer had hard-coded the Ukrainian national anthem into the database, corrected before deployment.
  • The report warns stolen VRDB data does not go stale: breach data from 2021 could be used to request absentee ballots in 2028, or to alter or delete registrations at scale in ways that might go unnoticed if carefully distributed.
  • Recommended mitigations include offline database backups, multifactor authentication, DMARC, network segmentation, endpoint detection, .gov domains, Malicious Domain Blocking and Reporting, remediating critical vulnerabilities within 15 calendar days, and backups recoverable to at least 30 days prior.
  • Non-election breaches cited as election-relevant: a July 2017 credit reporting firm breach affecting a potential 143 million U.S. citizens; a February 10, 2020 DOJ indictment of four Chinese PLA members; an April 2024 background check firm breach of 2.9 billion records covering 170 million individuals offered on the Dark Web for $3.5 million; and a June 2025 insurance provider breach affecting 22.65 million individuals.
View original PDF 484 KB · 11 pp
Citations

References

Documents cited in the narrative and timeline above. Each reference links to the document’s entry on this page and its original PDF.

  1. Preventing Alien Voting — U.S. Department of Homeland Security · 1 ppPDF
  2. Recognizing and Addressing Threats to Statewide Voter Registration Databases — U.S. Department of Homeland Security / Cybersecurity and Infrastructure Security Agency · July 2026 · 11 ppPDF