Electoral Commission breach reveals data of 40 million UK voters

Hackers accessed the personal info of about 40 million U.K. voters for over a year due to a cyberattack on the Electoral Commission. On Tuesday, the commission, which oversees U.K. elections, noticed suspicious activity on its network in October 2022. They later confirmed that “hostile actors” had initially breached their systems in August 2021.

“We needed to remove the actors and their access to our system. We had to assess the extent of the incident to understand who might be impacted and liaise with the National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO). We also needed to put additional security measures in place to prevent any similar attacks from taking place in the future,” the spokesperson said.

U.K. Election Security Unaffected by Incident

It’s unclear how much data the attackers took from the Electoral Commission’s systems. The data that might be affected includes full names, email addresses, home addresses, phone numbers, personal pictures sent to the Commission, and info given through email or online forms. Even though a lot of this info is already out there, it could be combined with other data to determine how people behave or who they are. The Electoral Commission says that the safety of U.K. elections wasn’t harmed.

“We provided the Electoral Commission with expert advice and support to aid their recovery after a cyber incident was first identified,” the NCSC spokesperson said, who declined to provide their name. “Defending the UK’s democratic processes is a priority for the NCSC and we provide a range of guidance to help strengthen the cyber resilience of our electoral systems.”

When asked for a statement, James Huyton, a representative from ICO, admitted that the Electoral Commission had informed the data protection agency about the breach. However, he did not explain the nine-month delay in disclosing the breach to the public.