The United Kingdom's electoral oversight body has disclosed that it fell victim to a "sophisticated cyber-attack," potentially impacting a significant number of voters.
The Electoral Commission revealed that undisclosed "hostile actors" were able to breach copies of the electoral registers dating back to August 2021. This intrusion extended to infiltrating email accounts and "control systems," although the breach remained undetected until October of the previous year.
The commission has cautioned individuals to remain vigilant against unauthorised utilisation of their data.
Through a public announcement, the commission outlined that the compromised registers were retained for research purposes and for conducting assessments of political contributors. The data accessed during the breach encompassed the names and addresses of individuals within the UK who registered to vote from 2014 to 2022.
This encompassed individuals who chose to withhold their details from the public "open register," accessible through means like credit reference agencies.
The accessed data also contained names (excluding addresses) of overseas voters, while those who registered anonymously for safety or security reasons remained unaffected, the commission assured.
Quantifying the exact number of individuals potentially affected proves challenging, but it estimates each annual register to encompass around 40 million entries.
While the personal data hosted on email servers is deemed of low risk to individuals, specific information contained in email content or attachments could be vulnerable.
Importantly, the incident has not compromised the repository of information related to donations and loans to political entities or registered campaigners.
The Chief Executive Officer, Shaun McNally, expressed understanding of public apprehension and extended apologies to those impacted.
In response, the commission has undertaken measures to bolster its systems against future attacks. These enhancements include updates to login protocols, alert mechanisms, and firewall policies.
