On Tuesday, 8 August, the Electoral Commission issued a public notification confirming that the organisation had suffered a major cyberattack. The data breach, first discovered almost a year ago, resulted in hostile actors gaining access to the data of millions of UK voters, including names and addresses. While the Electoral Commission reported the breach to the Information Commissioner's Office (ICO) and the National Crime Agency in October 2021, today's announcement is the first time the public has been informed. The largely paper-based process of elections makes it difficult for the attackers to influence the outcome of a vote, but the commission acknowledged that voters may still be concerned. The attackers were able to access reference copies of the electoral registers and the commission's email system.
In a statement responding to the news, a spokesperson for the ICO said, "The Electoral Commission has contacted us regarding this incident and we are currently making enquiries. We recognise this news may cause alarm to those who are worried they may be affected and we want to reassure the public that we are investigating as a matter of urgency."
In a related post in The Guardian, experts commented that the sophistication of the attack suggests a state-backed entity, with Russia being at the top of the list. The concern is that the data accessed in the hack could potentially be used by state-backed actors to target voters with disinformation. This is a major concern, as the electoral register data could be combined with other leaked datasets to create a more comprehensive picture of potential targets.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 4,250 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.