Cyber attack breaches electoral commission in UK

A serious hack exposes details of up to 40 million Brits to “hostile actors”.

LONDON: The Electoral Commission today apologised for the data breach that allowed cyber-crooks to access the names and addresses of voters. Hackers first infiltrated the system in August 2021 but it was only discovered more than a year later in October 2022.

Anyone who registered to vote between 2014 and 2022 could have had their info harvested.

Chief Executive Shaun McNally said he does not “know conclusively what files may or may not have been accessed”.

He said: “While the data contained in the electoral registers is limited, and much of it is already in the public domain, we understand the concern that may have been caused by the registers potentially being accessed and apologise to those affected.”

But he was adamant there was little risk the saboteurs could influence an election.

He said: “The UK’s democratic process is significantly dispersed and key aspects of it remain based on paper documentation and counting.

“This means it would be very hard to use a cyber-attack to influence the process.”

Security buffs from the National Cyber Security Centre have been called in to help bolster the systems.

A spokesman said: “Defending the UK’s democratic processes is a priority for the NCSC and we provide a range of guidance to help strengthen the cyber resilience of our electoral systems.” 

Experts fear the information could be used by fraudsters as “gateway information” to swindle vulnerable Brits.

Caroline Carruthers, CEO at global data consultancy Carruthers and Jackson, said: “The real concern about this data breach is that the information potentially stolen is ‘entry-level data’.

“This means that scammers could use the data stolen to convince vulnerable members of the public that they can be trusted, and use this gateway information to convince individuals to share even more sensitive data such as banking details. 

“We all should now be hyper-cautious of any unsolicited phone calls or knocks at the door from people claiming to know who we are using information that could have been accessed from this breach.”

Comments are closed.