The email that gave Russian hackers access to an Arizona registration base looked like it came from an employee, and any normal person would have clicked on it, Arizona Secretary of State Michele Reagan said Wednesday.
Reagan's comment came during a panel discussion at the Cambridge Cyber Summit in Cambridge, Massachusetts, hosted by CNBC, MIT and The Aspen Institute.
The widespread fear among law enforcement and other branches of government is that Russian officials may be trying to undermine confidence in the U.S. electoral system at a time of heightened tensions between the two countries.
Whatever the motivation, accessing voter registration databases can have all kinds of uses among criminals, Mark Testoni, president and CEO of SAP Security Services, said during the panel.
Reagan emphasized the fact that the hackers only accessed voter registration data, not any mechanism for tallying votes.
"We got lucky this time," she said.
In a later interview on CNBC's "Squawk on the Street," Reagan described the steps immediately taken when the breach was detected, including taking the entire system offline.
"At that moment in time, the most important thing was what do we do with that database? How do we inspect it? We need to make sure that no information was taken, no information was altered, a virus wasn't inserted into that system," she said.
Reagan also talked about ways to prevent future hacks, such as multifactor authentication for logins and stronger passwords.
— CNBC's Matthew J. Belvedere contributed to this report.
Correction: This story was revised to correct the spelling of Michele Reagan's first name.
The conference is sponsored by CNBC, MIT and The Aspen Institute.