In a significant cybersecurity event, the UK Electoral Commission has confirmed being the target of a powerful cyberattack. So-called “hostile actors” were successful in accessing copies of the electoral register, containing the name and address of anyone registered to vote between 2014 and 2022, according to a statement provided by the Electoral Commission on their official Twitter account.
The incident, termed as the largest data breach in British history, has led to a strong response from the Electoral Commission. Chief Executive Sean McNally issued an apology to individuals affected by the data breach, and emphasized that significant steps have been undertaken to enhance the cybersecurity measures of the Electoral Commission’s IT systems.
As per the Electoral Commission’s official statement, the cyber attackers managed to access reference copies of the electoral registers. These records were kept for research purposes and to conduct permissibility checks on political donations. Data of everyone in the UK who registered to vote between 2014 and 2022, and of those registered as overseas voters were included in the breached registers.
Under Articles 33 and 34 of the UK General Data Protection Regulation, the Electoral Commission is obliged to notify those affected by the breach. The UK data protection law mandates that a breach must be reported “not later than 72 hours after becoming aware of it.”
There have been widespread speculations about the responsible parties behind the attack. The Times has reported fears among Chinese, Uighur and Hong Kong dissidents in the UK, that their safety could be at risk if Russia or China is identified as the perpetrator of this attack. Similar insinuations by the Telegraph suggest that UK intelligence services have found evidence connecting the hack to Russia.
In a related cybersecurity event, the Police Service of Northern Ireland inadvertently released data concerning its officers and civilian staff. This breach including details such as officers’ names, ranks, and work locations, has raised concerns regarding officer safety given the volatile political environment in Northern Ireland, and is currently being treated as a critical incident.
The full context of these breaches can be found in the original article on Jurist.