The UK's Electoral Commission revealed it was hacked by “hostile actors” who gained access to electoral registers, suggesting that the personal data of tens of millions of voters could have been stolen.
The intrusion began in August 2021, however, the breach was detected only in October 2022, after the watchdog noticed suspicious activity on its systems.
According to the commission, the attackers gained access to the email servers, the control systems, and copies of the electoral registers containing information on the UK citizens who registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters.
The personal data affected in the breach includes names, first names and surnames; email addresses (personal and/or business); home address if included in a webform or email; contact telephone number (personal and/or business); content of the webform and email that may contain personal data; any personal images sent to the commission.
“According to the risk assessment used by the Information Commissioner’s Office to assess the harm of data breaches, the personal data held on the electoral registers – typically name and address – does not in itself present a high risk to individuals. It is possible however that this data could be combined with other data in the public domain, such as that which individuals choose to share themselves, to infer patterns of behaviour or to identify and profile individuals,” the watchdog said, adding that the attack has not had an impact on the electoral process.
The organization did not reveal who was behind the hack.