"HOSTILE actors" hacked the Electoral Commission (EC) for over a year and gained access to details of tens of millions of voters, it has been revealed.
The elections watchdog revealed on Tuesday it had been targeted in a cyber attack but it was “not able to know conclusively” what information was accessed.
The EC insisted that as elections in the UK are largely paper-based it would be “very hard” for hackers to influence the outcome of a vote, but apologised for the breach in its systems.
READ MORE: 'Major breakthrough' in Jagtar Singh Johal case after court ruling
The breach was identified in October 2022, but the hackers had first gained access to the system in August 2021.
The registers accessed included information on those who in the UK were registered to vote between 2014 and 2022, including names and addresses, as well as the names of those registered as overseas voters.
The hackers were able to access reference copies of electoral registers, held by the Electoral Commission for research purposes and to enable permissibility checks on political donations.
The commission’s email system was also accessible during the attack.
Shaun McNally, EC chief executive, said: “The UK’s democratic process is significantly dispersed and key aspects of it remain based on paper documentation and counting.
“This means it would be very hard to use a cyber attack to influence the process. Nevertheless, the successful attack on the Electoral Commission highlights that organisations involved in elections remain a target, and need to remain vigilant to the risks to processes around our elections.”
McNally admitted that while the EC knows which systems were accessible to hackers, they could not define “conclusively” which files may or may not have been accessed.
“We regret that sufficient protections were not in place to prevent this cyber attack,” he said.
READ MORE: Lee Anderson branded 'pound shop Enoch Powell' for anti-migrant call
“Since identifying it we have taken significant steps, with the support of specialists, to improve the security, resilience, and reliability of our IT systems.
“We know which systems were accessible to the hostile actors, but are not able to know conclusively what files may or may not have been accessed.
“While the data contained in the electoral registers is limited, and much of it is already in the public domain, we understand the concern that may have been caused by the registers potentially being accessed and apologise to those affected.”
The register for each year holds the details of around 40 million individuals, which were accessible to the hostile actors, although this includes people on the open registers, whose information is already in the public domain.
The National Cyber Security Centre said it had provided the commission with expert advice and support.
READ MORE: Downing Street defends Lee Anderson's 'f*** off' asylum seekers comments
A spokeperson said: “Defending the UK’s democratic processes is a priority for the NCSC and we provide a range of guidance to help strengthen the cyber resilience of our electoral systems.”
The Information Commissioner’s Office said it was looking into the incident.
“We recognise this news may cause alarm to those who are worried they may be affected and we want to reassure the public that we are investigating as a matter of urgency,” a spokesperson said.
“In the meantime, if anyone is concerned about how their data has been handled, they should get in touch with the ICO or check our website for advice and support.”
Why are you making commenting on The National only available to subscribers?
We know there are thousands of National readers who want to debate, argue and go back and forth in the comments section of our stories. We’ve got the most informed readers in Scotland, asking each other the big questions about the future of our country.
Unfortunately, though, these important debates are being spoiled by a vocal minority of trolls who aren’t really interested in the issues, try to derail the conversations, register under fake names, and post vile abuse.
So that’s why we’ve decided to make the ability to comment only available to our paying subscribers. That way, all the trolls who post abuse on our website will have to pay if they want to join the debate – and risk a permanent ban from the account that they subscribe with.
The conversation will go back to what it should be about – people who care passionately about the issues, but disagree constructively on what we should do about them. Let’s get that debate started!
Callum Baird, Editor of The National
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules hereLast Updated:
Report this comment Cancel