UK Electoral Commission cyberattack exposes data of 40 million voters

LONDON: The UK Electoral Commission disclosed a significant cyber breach, potentially compromising the personal data of up to 40 million voters, according to a statement released by the commission.

The watchdog revealed that “hostile actors” first accessed its systems in August 2021, with the breach only being detected in October 2022 due to suspicious activities. The attackers managed to infiltrate the commission’s servers, which housed emails, control systems, and copies of the electoral registers spanning from 2014 to 2022.

The breach includes details of individuals registered to vote in the UK and those registered as overseas voters.

While the data from the electoral registers did not encompass those registered anonymously, the commission’s email system was accessible during the attack, raising concerns over the potential misuse of such data.

Read more: Alert issued after ECP comes under cyber attack

Shaun McNally, the Chief Executive of the Electoral Commission, expressed regret over the incident, stating that while they are aware of which systems were accessed, it remains challenging to conclusively determine the exact files that might have been compromised.

Meanwhile, The Telegraph hinted at Russia being a primary suspect behind the cyberattack, although further details remain undisclosed.

The incident is a good reminder that while dealing in data, robust cybersecurity measures, especially in systems that safeguard sensitive data should be prioritised by public and private organisations alike.