UK Electoral Commission hacked, millions of British voters’ data accessible to ‘hostile actors’

The data of millions of British voters was accessible to hackers behina a cyber-attack by “hostile actors” which came to light last year, the United Kingdom Electoral Commission admitted on Tuesday (August 8). According to the independent body, the hackers were able to access internal emails of the commission and copies of voter data in a complex cyber attack.

What do we know about the hack?

The cyber attack, as per the electoral commission, took place in August 2021 but it was not until October 2022 that it was identified. “We know which systems were accessible to the hostile actors, but are not able to know conclusively what files may or may not have been accessed,” said the Electoral Commission Chief Executive Shaun McNally, in a statement.

The watchdog has also apologised for the security breach and said that the incident was reported to the Information Commissioner’s Office (ICO), as well as the National Crime Agency, back in October.

Speaking about why the public was not informed about the hack, the watchdog chief said that it needed to “remove the actors and their access to our system, assess the extent of the incident, liaise with the National Cyber Security Centre and ICO, and put additional security measures in place before we could make the incident public”.

The attack also involved “a sophisticated infiltration method,” which was why it took so long to detect, said the electoral commission chief.

Data accessed by hackers

The commission said that they were not able to “conclusively” know what information had been accessed but since the election process is largely paper-based it would be very hard for hackers to affect the outcome of a vote.

“The UK’s democratic process is significantly dispersed and key aspects of it remain based on paper documentation and counting. This means it would be very hard to use a cyber-attack to influence the process,” said McNally.

However, the attackers were able to access reference copies of the electoral registers which include the name and address of anyone in the UK who was registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters. The commission’s email system was also accessible to the hackers.

Electoral security concerns

The incident also comes as electoral security has emerged as a key issue in many countries since United States officials found alleged Russian meddling in the 2016 presidential election to favour Donald Trump’s White House bid.

In 2020, a British parliamentary committee also found that Russia allegedly interfered in the 2014 Scottish independence referendum and the Brexit vote.

“The successful attack on the Electoral Commission highlights that organisations involved in elections remain a target, and need to remain vigilant to the risks to processes around our elections,” said McNally.

He added, “We regret that sufficient protections were not in place to prevent this cyber-attack. Since identifying it, we have taken significant steps with the support of specialists to improve the security, resilience and reliability of our IT systems.”

(With inputs from agencies)

WATCH WION LIVE HERE

You can now write for wionews.com and be a part of the community. Share your stories and opinions with us here.