UK (Parliament Politic Magazine) – The UK’s elections watchdog has recently disclosed that it fell victim to a sophisticated cyber-attack, potentially impacting millions of voters. According to the Electoral Commission, unidentified malicious actors successfully breached their security measures, gaining unauthorized access to copies of the electoral registers dating back to August 2021.
In addition, these hackers managed to infiltrate the commission’s email accounts and control systems, although the attack went undetected until October of the previous year.
In light of this breach, the watchdog has issued a warning to the public, urging them to remain vigilant against any unauthorized use of their personal information.
Hackers Have Obtained Copies Of Registers
In a public statement, the commission revealed that the hackers were able to obtain copies of the registers, which were being held for research purposes and to conduct verifications on political donors. Shaun McNally, the Chief Executive Officer, acknowledged that while they were aware of the systems that were compromised, they could not definitively determine which files may have been accessed.
The watchdog has reported that the information it possessed at the time of the attack comprised the names and addresses of individuals in the UK who registered to vote between 2014 and 2022. This encompasses those who chose to keep their details off the open register, which is not accessible to the public but can be obtained by credit reference agencies, for instance.
Additionally, the accessed data included the names, but not the addresses, of overseas voters, according to the watchdog. However, it clarified that the data of individuals who qualified to register anonymously, due to safety or security concerns, was not compromised.
The commission acknowledges the challenge of accurately determining the number of individuals who may be affected, but it estimates that each year’s register contains the information of approximately 40 million people.
Sophisticated Cyber Attack Exposes Personal Data: Commission Takes Swift Action
The commission has recently experienced a highly sophisticated cyber attack that compromised personal data stored in its registers, specifically names and addresses. While this information alone does not pose a significant risk to individuals, there is a possibility that it could be combined with other publicly available data to identify and create profiles of individuals.
Although the exact timeline of the attack’s termination has not been disclosed, the commission assures that immediate action was taken to secure its systems as soon as the breach was detected in October 2022.
In explaining the reason behind the delayed public announcement, the commission emphasizes the importance of first neutralizing the hackers’ access, thoroughly investigating the extent of the incident, and implementing additional security measures.
Organization Is At Further Risk
Commission chair John Pullinger defends this approach, stating that disclosing a vulnerability before sealing it off would only expose the organization to further risks.
“He further stated that the hackers were unable to modify or erase any data within the electoral registers, which are maintained by registration officers nationwide.
The notice also clarified that the system containing information about donations and loans to political parties and registered campaigners remained unaffected by this incident.
Mr. McNally expressed his understanding of the public’s concerns and extended his apologies to those impacted.
Additionally, the commission has implemented measures to fortify its systems against future attacks. These include updating login requirements, enhancing the alert system, and revising firewall policies. The Information Commissioner’s Office, responsible for data protection in the UK, has initiated an urgent investigation into the matter.
Read More: From Beijing to Brick Lane: Chinese Political Slogans Take Over London’s Art Scene
There Is A Need For Comprehensive Investigation
Angela Rayner, Labour’s deputy leader, emphasized the need for a comprehensive investigation into this grave incident to ensure valuable lessons are learned.” On paper, this situation is extremely serious.
One of the greatest fears in the democratic world is hackers meddling in elections.
Fortunately, the commission has stated that in this particular case, the cyber intruders did not have any impact on elections or anyone’s registration status.
For those who support the UK’s manual voting system, this attack will undoubtedly strengthen their argument against adopting e-voting in the future. Supporters often assert that pen and paper cannot be hacked when discussions about modernization arise.
The fact that the hackers managed to infiltrate the Electoral Commission’s systems as early as August 2021 suggests that this was not a typical criminal hacking operation aimed at making a quick profit through extortion.