Hackers may have stolen millions of voters' details in electoral register attack
By Lewis Denison, Westminster Producer
The UK's elections watchdog has been hacked by "hostile actors" who gained access to electoral registers, meaning the personal information of tens of millions of voters could have been stolen.
The Electoral Commission revealed it had been hacked but was “not able to know conclusively” what information was accessed.
What information could hackers have stolen?
Name, first name and surname
Email addresses (personal and/or business)
Home address
Contact telephone number (personal and/or business)
Contents emails that may contain personal data
Any personal images sent to the Commission
Who could have had their information stolen?
Anyone registered to vote between 2014 and 2022
Anyone registered as an overseas voter
Those who registered to vote anonymously were not affected.
The Electoral Commission said it understands the "concern this [news] may cause" but reassured that "much of this data is already in the public domain".
It revealed the attack today, but first became aware of the security breach in October 2022 and has since learned hackers had access to its servers from August 2021.
But it is still not clear who was behind the attack.
The Electoral Commission has apologised and said security improvements have been since the hack was identified.
Electoral Commission chief executive Shaun McNally said: “We regret that sufficient protections were not in place to prevent this cyber attack.
“Since identifying it we have taken significant steps, with the support of specialists, to improve the security, resilience, and reliability of our IT systems.”
He added: “We know which systems were accessible to the hostile actors, but are not able to know conclusively what files may or may not have been accessed.
“While the data contained in the electoral registers is limited, and much of it is already in the public domain, we understand the concern that may have been caused by the registers potentially being accessed and apologise to those affected.”
A National Cyber Security Centre spokesman said: “We provided the Electoral Commission with expert advice and support to aid their recovery after a cyber incident was first identified.
“Defending the UK’s democratic processes is a priority for the NCSC and we provide a range of guidance to help strengthen the cyber resilience of our electoral systems.”
The Information Commissioner’s Office, the UK's independent body set up to uphold information rights, said it was looking into the incident.
“We recognise this news may cause alarm to those who are worried they may be affected and we want to reassure the public that we are investigating as a matter of urgency,” a spokesman said.
“In the meantime, if anyone is concerned about how their data has been handled, they should get in touch with the ICO or check our website for advice and support.”
Labour’s deputy leader Angela Rayner said: “This deeply concerning attack serves as a reminder of the critical importance of Britain’s resilience to cyber-attacks.
“Our democracy is a foundation of our society and every effort must be made to protect it.
“This serious incident must be fully and thoroughly investigated so lessons can be learned.”
Want a quick and expert briefing on the biggest news stories? Listen to our latest podcasts to find out What You Need To Know...