The Electoral Commission is responsible for supervising elections in the country, and it confirmed on Wednesday that it had detected suspicious activity on its network in October 2022. However, it was later discovered that unidentified “hostile actors” had gained access to its systems over a year earlier, in August 2021.
The regulatory body says that the attack was detected and reported to the Information Commissioner’s Office (ICO) and the National Crime Agency within 72 hours.
The Electoral Commission has stated that they cannot confirm what information was accessed. However, it has only recently been made public that the electoral registers, which hold the information of millions of voters, may have been accessible during that time.
There are suspicions that Russia was responsible for this cyber attack. The UK intelligence services have discovered evidence linking the Electoral Commission hack to Russians. Two former intelligence chiefs have suggested that Russia is likely the primary suspect. Additionally, there were signs of ransomware, a type of software that can restrict access to files.
The Electoral Commission has taken various steps to ensure the security of its systems after discovering a hack. The Commission had to lock out any “hostile actors,” assess the extent of the breach, and implement additional security measures to prevent similar incidents from happening in the future.
The commission stated that the data in the electoral registers is limited, and much of it is already in the public domain, so the data alone poses a significant risk to individuals, as per the officials. However, the Commission cautioned that the data could be combined with other information in the public domain, such as personal information shared by individuals, to infer behaviour patterns or identify and profile individuals.