40+ Million Voters Affected By Cyber Attack On UK Electoral Commission

Tyler Cross
Tyler Cross Senior Writer
Tyler Cross Tyler Cross Senior Writer

The UK Electoral Commission revealed this week that hackers had infiltrated its voting infrastructure, resulting in a data breach affecting over 40 million voters.

What’s troubling is the severity of the breach and how long it took before it was discovered. Perpetrated back in August 2021, the large-scale breach remained undiscovered for over a year.

It was finally uncovered in October 2022, but only released to the public this week. The Electoral Commission cites its duty to Articles 33 and 34 of the UK General Data Protection Regulation (GDPR) to reveal this information.

The leaked data includes private information, including email addresses, phone numbers, full names, home addresses, ages, and even identifiable pictures of users. Some, but not all, of this information was already available in the public domain.

Hackers managed to access reference copies of the electoral registers, claims the report made by the Electoral Commission.

“The registers held at the time of the cyber-attack include the name and address of anyone in the UK who registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters,” it reads.

Fortunately, those who registered to vote anonymously didn’t have visible data to take.

The Information Commissioner’s Office reviewed the severity of the breach and stated that the leaked information “does not in itself present a high risk to individuals,” however, when combined with other information in the public domain, it could present higher risks.

That said, it has stated that no immediate actions need to be taken by anyone affected by the breach, and much of the information that was leaked was already available to the public domain.

“We have taken steps to secure our systems against future attacks and improved our protections around personal data,” states the Electoral Commission.

No information about how the attack was accomplished was revealed in their report.

About the Author
Tyler Cross
Tyler Cross
Senior Writer

About the Author

Tyler is a writer at SafetyDetectives with a passion for researching all things tech and cybersecurity. Prior to joining the SafetyDetectives team, he worked with cybersecurity products hands-on for more than five years, including password managers, antiviruses, and VPNs and learned everything about their use cases and function. When he isn't working as a "SafetyDetective", he enjoys studying history, researching investment opportunities, writing novels, and playing Dungeons and Dragons with friends."

Leave a Comment