9 August 2023

UK's Electoral Commission says hackers had access to its systems for more than a year


UK's Electoral Commission says hackers had access to its systems for more than a year

The UK's Electoral Commission revealed it was hacked by “hostile actors” who gained access to electoral registers, suggesting that the personal data of tens of millions of voters could have been stolen.

The intrusion began in August 2021, however, the breach was detected only in October 2022, after the watchdog noticed suspicious activity on its systems.

According to the commission, the attackers gained access to the email servers, the control systems, and copies of the electoral registers containing information on the UK citizens who registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters.

The personal data affected in the breach includes names, first names and surnames; email addresses (personal and/or business); home address if included in a webform or email; contact telephone number (personal and/or business); content of the webform and email that may contain personal data; any personal images sent to the commission.

“According to the risk assessment used by the Information Commissioner’s Office to assess the harm of data breaches, the personal data held on the electoral registers – typically name and address – does not in itself present a high risk to individuals. It is possible however that this data could be combined with other data in the public domain, such as that which individuals choose to share themselves, to infer patterns of behaviour or to identify and profile individuals,” the watchdog said, adding that the attack has not had an impact on the electoral process.

The organization did not reveal who was behind the hack.

Back to the list

Latest Posts

North Korean Lazarus Group targets software devs in Operation 99 campaign

North Korean Lazarus Group targets software devs in Operation 99 campaign

Operation 99 aims to steal sensitive information, including source code, configuration files, API keys, and crypto wallet credentials.
20 January 2025
Threat actors impersonating Ukraine’s CERT using AnyDesk

Threat actors impersonating Ukraine’s CERT using AnyDesk

In these cases, threat actors sent requests to connect via AnyDesk, falsely claiming to represent CERT-UA.
20 January 2025
Europol's largest-ever operation seizes millions in criminal assets worldwide

Europol's largest-ever operation seizes millions in criminal assets worldwide

The global operation uncovered 83 crypto wallets and addresses linked to criminal organizations.
20 January 2025