U.K. Electoral Commission Breach Exposes Voter Data of 40 Million Britons

2023-08-09 10:22

The U.K. Electoral Commission on Tuesday disclosed a "Complex" cyber attack on its systems that went undetected for over a year, allowing the threat actors to access years worth of voter data belonging to 40 million people.

The intrusion enabled unauthorized access to the Commission's servers hosting email, control systems, and copies of the electoral registers it maintains for research purposes.

The registers included the name and address of anyone in the U.K. who registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters.

It's not clear why the disclosure was delayed by another 10 months, but the Commission told the BBC and The Guardian that it was done to stop the adversary's access, investigate the extent of the breach, and enforce security guardrails.

The Commission also noted that the accessed data could be combined with other details that are already available in the public domain to "Infer patterns of behavior or to identify and profile individuals."

It also emphasized that the attack has no impact on the electoral process or electoral registration status, and that the data held in its email servers is unlikely to pose a risk to people unless any sensitive information was shared in those messages.

News URL

https://thehackernews.com/2023/08/uk-electoral-commission-breach-exposes.html

#breach #electoral