Election systems across 39 different states showed traces of attacks by Russian hackers after an examination during last year’s election, according to a new report from Bloomberg. In some cases, the attackers even gained access to state-level voter roll data, compromising records on as many as 90,000 voters.

It’s unclear how much of the government was already aware of those efforts. Last week, Senator Mark Warner (D-VA), who attends classified briefings as part of the Senate Intelligence Committee, suggested the full scope of Russian involvement in the election had not yet been revealed. "I don't believe they got into changing actual voting outcomes," Warner said in an interview last week. "But the extent of the attacks is much broader than has been reported so far." 

The heart of the compromise seems to have been Illinois, which was compromised in late July 2016. According to Bloomberg’s report, attack signatures from the Illinois attack were detected in 37 other states, including critical election managers in Florida and California. Not each of those signature hits necessarily indicates a compromise, but it suggests a broad, concerted effort to compromise US election systems.

There’s still no evidence that the attacks compromised the vote tallies or election results in any state. The closest the attackers came was voter registration databases, which could, in theory, be altered to strategically erase registrations. But the compromises described by Bloomberg only affected state databases rather than the county-level data that’s used by polling places, and the distributed nature of the US election system seems to have prevented them from reaching further. There’s also no indication that any voting machines were compromised.

Still, any election-related compromise is alarming, and many expressed concern to Bloomberg that the lessons learned in the attack could be used to compromise future elections.

The news comes on the heels of a leaked NSA report, which detailed direct attacks on an election contractor in Florida, as well as various online absentee services. The alleged source of that report, an NSA contractor named Reality Leigh Winner, was arrested on federal charges shortly before the report became public.