The Electoral Commission recently announced it had become a victim of a ‘complex cyber attack’ which has the potential to affect millions of UK voters.
In a statement issued on 8 August 2023 the Electoral Commission revealed the attack took place in October 2022 after ‘suspicious activity was detected’ on their systems. During the attack the hackers gained access to servers which hold email addresses, control systems and copies of the electoral registers.
The Commission have disclosed that personal data listed below has been accessed during the incident:
- Personal data contained in email system of the Commission:
- Name, first name and surname.
- Email addresses (personal and/or business).
- Home address if included in a webform or email.
- Contact telephone number (personal and/or business).
- Content of the webform and email that may contain personal data.
- Any personal images sent to the Commission.
- Personal data contained in Electoral Register entries:
- Name, first name and surname
- Home address in register entries
- Date on which a person achieves voting age that year.
It is estimated the Electoral Commission holds around the details of around 40 million people, and the data affected includes those who registered to vote between 2014 – 2022, people who opted to keep their details off the public register and overseas voter details.
In the 8 August statement the Commission states the hack ‘does not present a high risk to individuals. It is possible however that this data could be combined with other data in the public domain, such as that which individuals choose to share themselves, to infer patterns of behaviour or to identify and profile individuals.’
Reassurance has been issued that there is no impact on the electoral process and that it has not affected the democratic rights of any individual, or any persons electoral registration status.
Working with the National Cyber Security Centre (NCSC), the Electoral Commission have also taken steps to secure all systems against future attacks.