Security News

UK Electoral Commission slapped for basic cybersecurity fails
2024-07-31 08:30

The UK's Electoral Commission has received a formal slap on the wrist for a litany of security failings that led to the theft of personal data belonging to around 40 million voters. Official documents from the Information Commissioner's Office say the people responsible for the 2021 cyberattack on the Electoral Commission's Microsoft Exchange Server are unknown.

UK govt links 2021 Electoral Commission breach to Exchange server
2024-07-30 12:00

The United Kingdom's Information Commissioner's Office revealed today that the Electoral Commission was breached in August 2021 because it failed to patch its on-premise Microsoft Exchange Server against ProxyShell vulnerabilities. Tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, these security flaws were chained to hack into the commission's Exchange Server 2016 and deploy web shells, which allowed the attackers to gain persistence after installing web shells and backdoors.

UK Electoral Commission Hacked
2023-08-16 11:17

The UK Electoral Commission discovered last year that it was hacked the year before. That's fourteen months between the hack and the discovery.

Electoral Commission had internet-facing server with unpatched vuln
2023-08-11 11:47

The hacking of the UK's Electoral Commission was potentially facilitated by the exploitation of a vulnerability in Microsoft Exchange, according to a security expert. Earlier this week, the election oversight body disclosed that its systems had been broken into, and the attackers had access to the servers that host the organization's email, as well as copies of the electoral registers for the entire UK. It appears the Electoral Commission was running Microsoft Exchange Server with Outlook Web App facing the internet, and was vulnerable to an exploit known as ProxyNotShell at the time that suspicious activity was first detected on the Commission's systems in October 2022.

U.K. Electoral Commission Breach Exposes Voter Data of 40 Million Britons
2023-08-09 10:22

The U.K. Electoral Commission on Tuesday disclosed a "Complex" cyber attack on its systems that went undetected for over a year, allowing the threat actors to access years worth of voter data belonging to 40 million people. The intrusion enabled unauthorized access to the Commission's servers hosting email, control systems, and copies of the electoral registers it maintains for research purposes.

UK voter data within reach of miscreants who hacked Electoral Commission
2023-08-08 15:52

The UK's Electoral Commission has been the subject of an online attack that may have exposed the names and addresses of voters, as well as the Commission's email system and unspecified other systems. In a public notice on its site, the Commission said that the intrusion was identified in October 2022, after suspicious activity was detected on its systems, but that it was clear that the attackers had first accessed those systems more than a year earlier, in August 2021.

UK Electoral Commission data breach exposes 8 years of voter data
2023-08-08 14:06

The UK Electoral Commission disclosed a massive data breach exposing the personal information of anyone who registered to vote in the United Kingdom between 2014 and 2022. The disclosure comes ten months after the Commission first detected the breach and two years after the initial breach occurred, raising questions about why it took so long to report the incident to the public.