There were nearly 150,000 attempts to penetrate the voter-registration system on Election Day 2016, State Election Commission says.

To understand the scale of the hacking attempts against election systems in the 2016 presidential election, consider South Carolina. On Election Day alone, there were nearly 150,000 attempts to penetrate the state’s voter-registration system, according to a postelection report by the South Carolina State Election Commission.

And South Carolina wasn’t even a competitive state. If hackers were that persistent against a state that President Donald Trump won comfortably, with 54.9% of the vote, it suggests they may have targeted political swing states even more. In harder-fought Illinois, for instance, hackers were hitting the State Board of Elections “5 times per second, 24 hours per day” from late June until Aug. 12, 2016, when the attacks ceased for unknown reasons, according to an Aug. 26, 2016, report by the state’s computer staff. Hackers ultimately accessed approximately 90,000 voter records, the State Board of Elections said. Unlike in Illinois, South Carolina didn’t see evidence that any attempted penetration succeeded, said Chris Whitmire, the State Election Commission’s director of public information and training, last week. Most of the attempted intrusions in that state likely came from automated computer bots, not thousands of individual hackers. “Security has been a top priority for the [State Election Commission] since implementing the statewide voting system in 2004,” Mr. Whitmire said about South Carolina. “However, events leading up to the 2016 General Election, including the breaches of other states’ voter-registration systems, created an election-security environment that was very different,” he added. South Carolina’s and Illinois’s cases aren’t unique, as many states faced virtual threats.

There is evidence that 21 states were potentially targeted by hackers, said Jeanette Manfra, acting deputy undersecretary for cybersecurity and communications at the U.S. Department of Homeland Security, at a Senate Intelligence Committee hearing last month.

Those hackers were at work months before some of their targets, and the American public, knew. The Democratic National Committee didn’t kick out suspected Russian hackers for 11 months, until June 2016, according to a report issued by U.S. intelligence agencies. Also in June, the Democratic Congressional Campaign Committee learned that suspected Russian hackers had breached its network at least two months earlier. Russian President Vladimir Putin has denied any government role in either hack. In Illinois, the computer staff at the State Board of Elections noticed on July 12 that the activity of its server for the voter-registration database “had spiked to 100% with no explanation,” according to the state’s report. The next day, Illinois took its voter-registration database and public-facing website offline for a week, but the hackers already had accessed roughly 90,000 voter records. No records were altered, according to the state’s report.

By Election Day, South Carolina had resolved all but one low-risk vulnerability, according to a DHS report dated Nov. 8. Malicious actors, who haven’t been identified, tried 149,832 times to find it, according to the South Carolina State Election Commission’s report. Data on the number of hacking attempts in the days before Election Day—or from the 2012 general election—weren’t included in the report and the commission declined a request for those numbers. Mr. Whitmire said the state saw no indication that it was targeted specifically, but the data show a potential correlation between the election and the virtual assault. While stray malware hits firewalls regularly, the number of subsequent attempted intrusions against the commission didn’t match the amount observed on Election Day, according to the state’s report, which listed the number of attempted penetrations on the second Tuesday of each month between November 2016 and April 2017. A month after Election Day, on Dec. 13, the number of hits dropped to 113,372. The attempted penetrations never again rose above 100,000, ultimately decreasing to just 44,754 attempts on April 11.

More From The Wall Street Journal (subscription required):