NEWS9 August 2023

Electoral Commission falls victim to cyber attack

GDPR News Public Sector UK

UK – The UK Electoral Commission has apologised after admitting it has been the victim of a cyber attack where hackers were able to access personal data.


In a statement, the Electoral Commission said that hostile actors had first accessed its systems in August 2021 and accessed the commission’s servers and were able to access reference copies of the electoral register.

The data included the name and address of anyone in the UK who registered to vote between 2014 and 2022 as well as the names of registered overseas voters, with the commission’s email system also accessible during the attack.

The incident was identified in October 2022 when suspicious activity was detected on the commission’s systems.
The Electoral Commission said the attack has not had an impact on the electoral process, nor has it affected anyone’s electoral registration status.

The statement from the Electoral Commission said: “We understand the concern this attack may cause and apologise to those affected.

“Since the attack was discovered, we have worked with security specialists to investigate the incident and have taken action to secure our systems and reduce the risk of future attacks.

“It is our assessment that the information affected by this breach does not pose a high risk to individuals and this notification is being given due to the high volume of personal data potentially viewed or removed during the cyber-attack.”

The Information Commissioner’s Office (ICO) said the Electoral Commission had contacted it regarding the cyber attack.

“We recognise this news may cause alarm to those who are worried they may be affected and we want to reassure the public that we are investigating as a matter of urgency,” the ICO said in a statement.

Rachel Aldighieri, managing director at the Data & Marketing Association UK, said: “High-profile data breaches like this, rooted in a lack of communication and transparency, risk damaging the tireless work our industry has put in to build people’s trust.

“This situation highlights the importance all businesses should place on the security of customers’ data and the need to build in safeguards to protect it.

“Data, and consumers’ willingness to share it, is a fundamental part of the digital economy, so maintaining its security must be a business imperative – this message should forever resonate with businesses.”