Incident & Breach Response
,
Security Operations
Agency Detected the Incident in October 2022 – Over 1 Year After the Hack
The U.K. Electoral Commission suffered a “complex cyber-attack” in 2021, resulting in hackers accessing sensitive voter information.
See Also: Live Webinar | Unmasking Pegasus: Understand the Threat & Strengthen Your Digital Defense
In a statement released Tuesday, the commission said the agency had detected the hack in October 2022, almost one year after the attackers compromised its network in August 2021.
Shaun McNally, the Electoral Commission’s chief executive officer, said the attack had resulted in hackers accessing copies of electoral register files that the agency uses for research purposes. The files contained information such as names and details of individuals registered to vote between 2014 and 2022.
“The Commission’s email system was also accessible during the attack,” McNally said. “We know which systems were accessible to the hostile actors, but are not able to know conclusively what files may or may not have been accessed.”
The commission did not disclose further details on the nature of the hack, but it said there is no evidence that the exfiltrated data has been “copied, removed or published online.” The agency added that it had worked with the U.K.’s National Cyber Security Agency to investigate the incident further.
In an emailed response, the NCSC refused to disclose more information regarding the hack, adding that the agency had assisted the commission in its recovery process.
A spokesperson for the Information Commissioner’s Office said the commission had notified the data regulator within the 72-hour deadline for breach notifications. The data regulator requested that individuals who fear their data could have been compromised in the hack contact the ICO or check its website “for advice and support.”
The disclosure of the hack comes just days after the government warned of increased cyberthreats to the country’s critical infrastructure, such as voting systems, to decrease “public trust in the government” and disrupt “democratic processes (see: UK Sounds Warning Over Targeted Healthcare Attack).