Incident & Breach Response , Security Operations

UK Electoral Commission Suffered 'Complex' Hack in 2021

Agency Detected the Incident in October 2022 - Over 1 Year After the Hack
UK Electoral Commission Suffered 'Complex' Hack in 2021
Image: Shutterstock

The U.K. Electoral Commission suffered a "complex cyber-attack" in 2021, resulting in hackers accessing sensitive voter information.

See Also: Meeting the Mandate: A Proactive Approach to Cybersecurity Compliance and Incident Reporting

In a statement released Tuesday, the commission said the agency had detected the hack in October 2022, almost one year after the attackers compromised its network in August 2021.

Shaun McNally, the Electoral Commission's chief executive officer, said the attack had resulted in hackers accessing copies of electoral register files that the agency uses for research purposes. The files contained information such as names and details of individuals registered to vote between 2014 and 2022.

"The Commission's email system was also accessible during the attack," McNally said. "We know which systems were accessible to the hostile actors, but are not able to know conclusively what files may or may not have been accessed."

The commission did not disclose further details on the nature of the hack, but it said there is no evidence that the exfiltrated data has been "copied, removed or published online." The agency added that it had worked with the U.K.'s National Cyber Security Agency to investigate the incident further.

In an emailed response, the NCSC refused to disclose more information regarding the hack, adding that the agency had assisted the commission in its recovery process.

A spokesperson for the Information Commissioner's Office said the commission had notified the data regulator within the 72-hour deadline for breach notifications. The data regulator requested that individuals who fear their data could have been compromised in the hack contact the ICO or check its website "for advice and support."

The disclosure of the hack comes just days after the government warned of increased cyberthreats to the country's critical infrastructure, such as voting systems, to decrease "public trust in the government" and disrupt "democratic processes (see: UK Sounds Warning Over Targeted Healthcare Attack).

About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.