The UK’s Electoral Commission has been hit by a cyberattack.
In October 2022, “suspicious activity was detected on our systems,” the Commission says(Opens in a new window). An investigation determined that “hostile actors” gained access to the systems over a year before, in August 2021, but details were not shared until today.
As to why it took so long for this to be made public, the Commission tells the BBC(Opens in a new window) it had to make sure the hackers’ access had been severed. “If you go public on a vulnerability before you have sealed it off, then you are risking more vulnerabilities,” says Commission Chair John Pullinger.
The attack gave the hackers access to the Commission’s servers, which stored old copies of the electoral registers, the Commission’s control systems, its email, as well as information about political donations. Hackers were also able to access the names and addresses of anyone in the UK who registered to vote between 2014 and 2022, as well as those registered overseas.
The Commission determined that the register data had not been amended or changed in any way and remains in its original form. Much of the data contained in the register is also already in the public domain.
It also notes that the attack “has not had an impact on the electoral process, has not affected the rights or access to the democratic process of any individual, nor has it affected anyone’s electoral registration status.” The personal data accessed “is also unlikely to present a high risk to individuals unless someone has sent us sensitive or personal information in the body of an email,” it says.
The Commission says that individuals don’t need to take immediate action. However, those who registered to vote in the UK between 2014 and 2022 should keep a close eye on their personal data going forward to ensure it is not used in nefarious ways.
Recommended by Our Editors
The Commission says it “worked with external security experts and the National Cyber Security Centre to investigate and secure its systems.”
The Commission does not currently know the source of the attack.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Hits: 0