The Electoral Commission has revealed it was hit by a complex cyber-attack during which hackers gained access to copies of electoral registers.

The UK elections watchdog said that the incident was identified in October 2022 after suspicious activity was detected on its systems. It added that hostile actors had first accessed the systems in August 2021.

The hackers gained entry to the commission’s servers and were able to access the names and addresses of any UK citizens registered to vote between 2014 and 2022. They were also able to steal the names of people registered as overseas voters but did not have access to the details of anyone registered anonymously.

The commission said that the data it holds is limited and it is unlikely to present a high risk to individuals, however it warned that the information could be combined with other details in the public domain.

Anyone who has been in contact with the commission or who was registered to vote should remain vigilant for unauthorised use of their personal data, said the regulator.

The commission explained that it has been working with the National Cyber Security Centre and other external security experts to investigate and secure its systems.

As a result of the attack, it has strengthened its network login requirements, improved its monitoring processes and updated firewall policies, it added.

In a statement the commission said: “We understand the concern this attack may cause and apologise to those affected. Since the attack was discovered, we have worked with security specialists to investigate the incident and have taken action to secure our systems and reduce the risk of future attacks.

“It is our assessment that the information affected by this breach does not pose a high risk to individuals and this notification is being given due to the high volume of personal data potentially viewed or removed during the cyber-attack.”

Share Story: