The British Electoral Commission announced on the 8th that it suffered a cyber attack in August 2021. The attacker obtained the register containing the name and address of anyone in the UK who registered to vote between 2014 and 2022, as well as the number of registered voters. names and overseas voters.
In a statement released by the Election Commission via its website, the election watchdog said that while attackers first accessed the electoral register and the commission's email system in August, it will not be until October 2022 after the electoral authority becomes aware of the situation. , the hack was discovered by sending suspicious patterns of login requests to its systems.
The commission said that while it was "unable to conclusively determine" which information was accessed, the personal data most likely to be accessed included names, addresses, email addresses and any other personal data emailed to the commission or held on the website and electoral register.
However, with a large part of the UK electoral system still paper-based, it is difficult to use cyberattacks to influence the electoral process.
The committee also sought to reassure those who may have been affected by the breach, noting that the hack did not affect individuals' ability to participate in the democratic process, nor their current registration status or eligibility to vote.
We regret that we did not take adequate protective measures to prevent this cyber attack.
Since the discovery of this attack, significant steps have been taken to improve the security, resiliency and reliability of our IT systems with the support of experts. Election Commission chief executive said in a statement.
As required by law, the Electoral Commission notified the Information Commissioner's Office (ICO) within 72 hours of discovering the breach, and the ICO is currently investigating the incident.
In a statement, an ICO spokesperson said: "We have been contacted by the Election Commission regarding this incident and we are currently investigating. We recognize that this news may cause panic to those concerned that they may have been affected, and we Want to reassure them. We are urgently investigating the public."
attacker unknown
Those responsible for the attack remained unclear, and the commission said no group or individual had claimed responsibility for the breach.
While it was only a matter of time before the UK electoral register was hit by a cyberattack, it was more worrying that the attack went undetected for 15 months, according to global cybersecurity consultants at internet security firm ESET.
"Cybercriminals work best in stealth mode, but rarely go undetected for such a long time," he said in comments emailed to reporters. It's sad to have to enter and conduct such a lengthy search."
The Electoral Commission said a number of steps needed to be taken before the public was notified of the attack.
"We need to remove these actors and their access to our systems," the council said in a statement. We also need to take additional security measures to prevent any similar attacks in the future.