Voter data breach in the UK prompts worries about electoral security

The UK’s election watchdog warned on Tuesday, over a year after the breach was detected, that hackers may have information on tens of millions of British voters after gaining access to electoral registers. The names and addresses of persons who registered to vote between 2014 and 2022 were unlikely to be exploited by “hostile actors” to alter election outcomes, the Electoral Commission said in a statement after expressing regret for the breach. However, most of the information was already in the public domain, they said.

Shaun McNally, the commission’s chief executive, said that “the UK’s democratic process is significantly fragmented and key elements of it remain based on paper documentation and counting.” “This means that using a cyberattack to influence the process would be very difficult.” Within three days of learning of the compromise in October, the commission notified the Information Commissioner’s Office.

According to the commission, which was reported by The Guardian, it delayed notifying the public of the assault because it needed to cut off the hackers’ access, assess the scope of the breach, and collaborate with the ICO and National Cyber Security Centre to strengthen security.

Reference copies of the electoral registers used by the commission for research and to determine whether political contributions are permitted were made public thanks to the hack. About 40 million people’s information is stored in each register. The email system used by the commission was also compromised.

The commission is aware of which systems the hackers were able to see, but it is unsure of which data were obtained, according to McNally. Since the hack, the commission’s information technology security has improved, he said. According to the Information Commissioner’s Office, the intrusion is currently under investigation.