top of page

U.K. Electoral Commission Discloses "Complex" Cyber Attack Impacting 40 Million Voters

Recently, the U.K. Electoral Commission made public an intricate cybersecurity attack that penetrated its defenses and remained unseen for over 12 months. The hands behind this cyber assault were successful in procuring valuable voter information for a staggering number of 40 million individuals. It was only after spotting some abnormal activities within its infrastructure that the commission discovered the breach in October 2022, although the initial breach can be traced back to August 2021.

This unauthorized infiltration allowed the unknown cyber adversaries unrestricted access to the organization's servers, email systems, control mechanisms, and also copies of electoral registers reserved primarily for research purposes. Despite the uncertainty around the identities of the invaders, it is apparent they had access to the names and addresses of all U.K. voters who registered between 2014 and 2022, not excluding those who registered abroad. However, the anonymous registrants and the addresses of overseas electors outside of the U.K. were exempted from the databases that were infiltrated.

The details exposed as a result of the cyber incident are numerous. There seems to be an unexplained delay of ten months in disclosing this attack. Speculations suggest that the commission may have employed this period to block the intruder's access, explore the scope of the infringement, and reinforce security measures.

Additionally, the commission warns that acquired data can be collated with public domain information to draw behavior patterns or create individual profiles. Despite the serious incident, the commission reassured the public, emphasizing that the electoral process or voter registration status has not been impacted by the attack. Furthermore, the email server's stored data is unlikely to be a threat unless it contains sensitive content.

Hence, anyone who corresponded with the commission or registered to vote during the period from 2014 to 2022 must exercise caution against unauthorized use or exposure of their personal information. In response to this incident, the commission has implemented protective measures against future cyberattacks. It is paramount for everyone to stay informed, vigilant, and proactive when it comes to cybersecurity, which is why we advocate receiving regular updates and tips about cybersecurity.

At Darksteel Technologies, we are an Orlando-based business that can handle all aspects of your IT security. Providing compliance, training, malware protection, cloud security, devsecops, vulnerability management, penetration testing, architecture design, and any other information security requirement your business needs. We focus on your cybersecurity so you don't have to.


bottom of page