HQ/EMEAFind out how we can help your business
The UK Electoral Commission admitted that they suffered a massive data breach that leaked the personal data of any citizens registered as a voter in the UK between 2014 and 2022.
The Commission’s disclosure comes after its investigation detected the breach and two years after the initial breach.
The Commission explained that they first spotted the attack in October last year. Still, they have also discovered that the threat operators infiltrated their systems at a much earlier date, in August 2021.
The breach against the UK Electoral Commission led to the hackers’ data acquisition.
According to reports, the attackers accessed the UK Electoral Commission servers that store the email, control systems and copies of its electoral registers.
The server’s register contains the name and address of anyone in the UK who registered to vote between 2014 and 2022 at the time of the attack. The attack’s impact has also affected voters that now reside overseas.
Fortunately, registrants who joined the voting anonymously will not suffer the same fate as those who provided their details.
The confirmed voter information registered in the Electoral Commission includes full names, email addresses, home addresses, telephone numbers, the content of the web form, emails that could contain personal data, and personal images sent to the Commission.
The personal data included in the Electoral Register entries are names, first names, surnames, home addresses in register entries, and the date on which a person acquires voting age for that year.
Researchers also believe that the threat actors had accessed the agency’s email server, which could expose any internal and external communications with the Commission.
However, the affected UK agency claims the data breach incident did not affect elections or citizens’ voter registration. Furthermore, the agency underestimated the attack since they said that the hackers had not altered any voter registration and that most of the stolen data was already in the public domain.
Experts still believe that hackers could use the information for other nefarious purposes. UK voters should be vigilant about targeted phishing emails that will bait targets into giving further information, like passwords and financial details.
