Representative Gillette (R-30) spoke exclusively to State 48 News, revealing that he’s been sounding the alarm on Arizona’s cybersecurity vulnerabilities for over three years.

Gillette’s cybersecurity bill HB2736 passed the House unanimously and cleared a Senate committee, but it was ultimately held and never made it to the Committee of the Whole for a vote.

State 48 News also spoke with Senate President Warren Petersen (R-14), who explained the holdup:

“It was held as a money bill and didn’t make it into the budget. All money bills get held until the budget is negotiated, ” said Petersen.

Representative Gillette told State 48 News that some of Arizona’s government systems are so outdated they can’t even interface with modern technology. He cited the Department of Real Estate as one example—its software was custom-built by a former in-house developer, and now that individual is no longer available, no one else knows how to maintain or update the system.

He also flagged a major concern at the Department of Revenue: the agency lacks the technical capability to audit 1099 tax returns internally. Instead, all audits are outsourced to a private firm based out of state, raising serious concerns about efficiency, oversight, and the security of sensitive taxpayer data.

Gillette outlined multiple instances where Arizona’s systems are woefully unprotected. He pointed to the Maricopa County Recorder’s Office—under former Recorder Adrian Fontes—as having developed its own election system. According to Gillette, that system is likely “more secure than the state’s,” yet he questions the legality and oversight behind its integration.

“Who gave them the authority to connect their system to the State of Arizona’s infrastructure?” he asked, noting that he has issued Freedom of Information Act (FOIA) requests to find out.

As for the recent breach at the Secretary of State’s Office, Gillette said the state’s response was essentially, “like putting a finger in the hole of the dam, hoping it doesn’t break.”

ICYMI here is the background on the controversy:

Last week, hackers infiltrated the Candidate Portal on the Arizona Secretary of State’s website, swapping out candidate photos and potentially accessing private profile data just weeks before the Congressional District 7 primary election.

🔍 What Happened

• Unauthorized Access: Around June 23, cybersecurity teams detected abnormal activity affecting the portal used by candidates to file documents and images.

• Immediate Response: Officials shut down the portal for a full week, rerouted candidate filings via alternative channels, and required password resets when the system went back online.

• Data at Risk: While candidate photos were visibly altered, the scope of exposed personal information is still under investigation. Voter registration and petition systems remained unaffected.

🛡️ Who’s Involved

• Secretary Fontes’ Office collaborated with the Arizona Department of Homeland Security, National Guard, and a private cybersecurity firm in the investigation.

• Responding to the breach, they “tuned security controls” and shared threat intelligence with partners, according to a July 1 press release.

🗣️ Public Reaction

• Some political groups criticized Secretary Adrian Fontes for insufficient transparency, urging more public disclosure.

• The office defended its actions, pointing out that it had briefed lawmakers and upheld a proactive cybersecurity posture.

Here’s a link to a story by State 48’s Christy Kelly for the Arizona Globe, including links to the online drama and finger-pointing that followed the public disclosure of the breach.