Hack left majority of UK voters' data exposed for over a year

The UK's Electoral Commission has revealed that some personal information of around 40 million voters was left exposed for over a year. The agency — which regulates party and election finance and elections in the country — said it was the target of a “complex cyberattack.” It first detected suspicious activity on its network in October 2022, but said the intruders first gained access to its systems in August 2021.

The perpetrators found a way onto to the Electoral Commission's servers, which hosted the agency's email and control systems, as well as copies of the electoral registers. Details of donations and loans to registered political parties and non-party campaigners were not affected as those are stored on a separate system. The agency doesn't hold the details of anonymous voters or the addresses of overseas electors registered outside of the UK.

The data that was exposed included the names and addresses of UK residents who registered to vote between 2014 and 2022, along with those who are registered as overseas voters. Information provided to the commission through email and web forms was exposed too. 

"We know that this data was accessible, but we have been unable to ascertain whether the attackers read or copied personal data held on our systems," the commission said. The agency confirmed to TechCrunch that the attack could have affected around 40 million voters. According to UK census data, there were 46.6 million parliamentary electoral registrations and 48.8 million local government electoral registrations in December 2021.

The Electoral Commission says it had to adopt several measures before disclosing the hack. It had to lock out the "hostile actors," analyze the possible extent of the breach and put more security measures in place to stop a similar situation from happening in the future.

Data in the electoral registers is limited and much of it is in the public domain already, the agency said. As such, officials don't believe the data by itself represents a major risk to individuals. However, the agency warned, it's possible that the information "could be combined with other data in the public domain, such as that which individuals choose to share themselves, to infer patterns of behavior or to identify and profile individuals."

The Electoral Commission also noted that there was no impact on UK election security as a result of the attack. "The data accessed does not impact how people register, vote, or participate in democratic processes," it said. "It has no impact on the management of the electoral registers or on the running of elections. The UK’s democratic process is significantly dispersed and key aspects of it remain based on paper documentation and counting. This means it would be very hard to use a cyber-attack to influence the process."

This article originally appeared on Engadget at https://www.engadget.com/hack-left-majority-of-uk-voters-data-exposed-for-over-a-year-150045052.html?src=rss https://www.engadget.com/hack-left-majority-of-uk-voters-data-exposed-for-over-a-year-150045052.html?src=rss
Created 1y | Aug 8, 2023, 4:50:24 PM


Login to add comment

Other posts in this group

'Doctor Who: Joy to the World review:' What a star

Spoilers follow for “Joy to the World.”

If there’s one thing Steven Moffatt loves to do with Doctor Who, it’s to find a monster buried in the mundane. He’s

Dec 25, 2024, 7:30:19 PM | Engadget
The best ways to spend your $50 gift card

If you received a bunch of gift cards for the holidays, consider it a blessing. Whoever gave them to you likely wanted to give you a gift you'd actually use, and rather assume (incorrectly), they w

Dec 25, 2024, 2:50:09 PM | Engadget
The best couch co-op games for PC, Nintendo Switch, PS5 and Xbox

A million different online multiplayer games seem to arrive each week, but good games you can play on the couch with a buddy aren’t as common. If you’re looking for a suggestion, we’ve rounded up a

Dec 25, 2024, 10:20:07 AM | Engadget
Android phone makers dropped the ball on Qi2 in 2024

Android phones have been the first to feature a bunch of notable standards. They were the first to support

Dec 24, 2024, 8:20:08 PM | Engadget
Flying taxi maker Lillium lays off 1,000 workers and ceases operations

Lilium, a company working on flying taxis that can take off and land vertically, has ceased operations. As

Dec 24, 2024, 5:50:11 PM | Engadget
Russia bans crypto mining in multiple regions, citing energy concerns

The Russian government has banned crypto mining in ten regions for a period of six years, according to reporting by the st

Dec 24, 2024, 5:50:10 PM | Engadget
Engadget's Games of the Year 2024

This year may not have been as jam packed as 2023 was for gaming, but there were still plenty of amazing new releases. Whether you love a good indie or a big-budget production, this year had you co

Dec 24, 2024, 3:40:05 PM | Engadget