Electoral Commission reveals it was targeted by cyber attack in 2021 with hackers accessing name and address details of anyone registered to vote
- Elections watchdog says cyber incident was first identified last October
- Attack in August 2021 involved systems being accessed by ‘hostile actors’
The Electoral Commission apologised today after revealing it was targeted by a cyber attack which allowed ‘hostile actors’ to access electoral registers conta9ining the details
The UK elections watchdog said it was first hacked two years ago but it has not been able to ‘know conclusively’ what information had been accessed.
The major security breach allowed the attackers to access reference copies of electoral registers containing the names and addresses of people registered to vote between 2014 and 2022, potentially millions of people.
The London-based body added that the largely paper-based process of elections meant it would be ‘very hard’ for hackers to influence the outcome of a vote.
The incident was announced today, nearly a year after it was identified in October last year and two years since the attackers first accessed its systems in August 2021.
The watchdog – an independent body overseeing elections and regulating political finance – has apologised to people whose information was accessible to the hackers.
Electoral Commission chief executive Shaun McNally, pictured visiting polling stations with his dogs on voting day on May 5 last year, in a photograph issued by the commission
The attackers were able to access reference copies of the electoral registers, held by the body for research purposes and for permissibility checks on political donations.
The commission said the registers held at the time of the cyber attack include the name and address of anyone in the UK who was registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters.
Electoral Commission chief executive Shaun McNally said: ‘The UK’s democratic process is significantly dispersed and key aspects of it remain based on paper documentation and counting.
‘This means it would be very hard to use a cyber attack to influence the process.
The Electoral Commission has its headquarters located at 3 Bunhill Row in the City of London
‘Nevertheless, the successful attack on the Electoral Commission highlights that organisations involved in elections remain a target, and need to remain vigilant to the risks to processes around our elections.’
The registers did not include the details of those registered anonymously. The commission’s email system was also accessible during the attack.
The commission said it had worked with the National Cyber Security Centre and external experts to investigate the incident and had since made improvements to the security of its IT systems.
Mr McNally added: ‘We regret that sufficient protections were not in place to prevent this cyber attack.
The Electoral Commission revealed this afternoon that it had been targeted by a cyber attack
‘Since identifying it we have taken significant steps, with the support of specialists, to improve the security, resilience, and reliability of our IT systems.’
He added: ‘We know which systems were accessible to the hostile actors, but are not able to know conclusively what files may or may not have been accessed.
‘While the data contained in the electoral registers is limited, and much of it is already in the public domain, we understand the concern that may have been caused by the registers potentially being accessed and apologise to those affected.’
Source: Read Full Article
