After gaining access to electoral records, hackers may have information on tens of millions of British voters, the U.K.’s election watchdog said on Tuesday, nearly a year after the breach was discovered.
The names and addresses of everyone who registered to vote between 2014 and 2022 were unlikely to be exploited by “hostile actors” to alter election results, according to the Electoral Commission, which apologized for the breach but noted that much of the information was already in the public domain.
Shaun McNally, the commission’s chief executive, stated that “the U.K.’s democratic process is significantly fragmented, and key elements of it remain based on paper documentation and counting.
“This means that using a cyberattack to influence the process would be very difficult.”
Within three days of learning of the compromise in October, the commission notified the Information Commissioner’s Office. According to the commission, which was quoted by The Guardian, it delayed notifying the public of the attack because it needed to cut off the hackers’ access, assess the scope of the breach, and collaborate with the ICO and National Cyber Security Center to strengthen security.
Reference copies of the electoral registers used by the commission for research and to determine whether political donations are permitted were made public thanks to the hack.
About 40 million people’s information is stored in each register.
The email system used by the commission was also compromised. The commission is aware of which systems the hackers were able to view, but it is unsure of which files were accessed, according to McNally.
Since the hack, the commission’s information technology security has improved, he continued. According to the Information Commissioner’s Office, the intrusion is currently under investigation.