The vulnerabilities of the American electoral system don’t stop at email hacks as, Reuters reports, following the Nov. 8 election the U.S. Election Assistance Commission, the very federal agency that is charged with testing and certifying state voting systems, was itself hacked. The hack was discovered by a cybersecurity firm that detected someone selling logins to the Election Assistance Commission on the black market. The Russian-speaking hacker had more than 100 logins for commission employees and was attempting to sell them for as little as a few thousands dollars to Middle Eastern countries.

What is the potential fallout from such a breach? From Reuters:

The election commission certifies voting systems and develops standards for technical guidelines and best practices for election officials across the country… Though much of the commission’s work is public, the hacker gained access to non-public reports on flaws in voting machines. In theory, someone could have used knowledge of such flaws to attack specific machines, said Matt Blaze, an electronic voting expert and professor at the University of Pennsylvania. The researchers were confident that the hacker moved to sell his access soon after getting it, meaning that he was not inside the system before election day.

The Election Assistance Commission issued a statement Thursday evening on the breach:

The EAC is currently working with Federal law enforcement agencies to investigate the potential breach and its effects. The EAC does not administer elections. State and local jurisdictions run elections… The EAC does not collect or store any personal information of voters. The EAC does not maintain voter databases. The EAC does not tabulate or store vote totals.