The Electoral Commission of Britain has disclosed a sophisticated cyber attack carried out by hostile actors, revealing that internal emails and copies of voter data were compromised.
The commission, responsible for overseeing elections and regulating political finance, announced the incident on Tuesday, shedding light on an attack that took place last year, Reuters news report said.
While the identity of the hostile actors remains undisclosed, the incident serves as a reminder that democratic institutions in the UK remain vulnerable to cyber threats. The hackers gained access to servers housing email correspondence, control systems, and copies of electoral registers.
Electoral security has emerged as a prominent concern globally, particularly following revelations of Russia’s interference in the 2016 U.S. presidential election in support of Donald Trump’s campaign. Similar concerns have been raised about foreign interference in other significant votes, such as the 2014 Scottish independence referendum and the Brexit referendum.
Shaun McNally, Chief Executive of the Electoral Commission, acknowledged that while they know which systems were accessed by the hackers, the full extent of the data breach remains uncertain. He emphasized that the successful attack underscores the continued vulnerability of organizations involved in elections and highlights the necessity for sustained vigilance.
It was revealed that much of the compromised data, including names, addresses, and information about voters registered between 2014 and 2022, was already publicly available. The intrusion was first detected in August 2021, with the incident officially identified in October 2022.
In response to the growing threat of foreign interference, Britain established a ministerial taskforce in November of the previous year. Additionally, the recently enacted national security law empowers authorities to impose stricter penalties for such cyber offenses.
The Electoral Commission collaborated with Britain’s National Cyber Security Centre (NCSC) and external experts to investigate the breach. As part of the response, security enhancements have been implemented to safeguard the commission’s IT infrastructure from future cyber threats.
