The Electoral Commission Details

    Organization Logo

    The Electoral Commission

    London143 employees • Governments

    United Kingdom

    Industry

    Governments

    Security Incidents

    1

    In the United Kingdom, the Electoral Commission is the national election commission, created in 2001 as a result of the Political Parties, Elections and Referendums Act 2000. It is an independent agency that regulates party and election finance and sets standards for how elections should be run.

    Security Incidents

    The Electoral Commission Breach of Oct 2022
    Severity Score
    Significant to High

    Type

    Malware Attack

    Summary

    The Electoral Commission experienced a significant cyber-attack that was identified in October 2022, although it was later determined that the attackers first accessed the systems in August 2021. The attackers were able to access the Commission's servers, including email systems and reference copies of the electoral registers. The compromised data included names, addresses, and voting records of individuals registered to vote in Great Britain between 2014 and 2022, as well as overseas voters during the same period, and Northern Ireland voters registered in 2018.

    Severity

    The cyber-attack on the Electoral Commission revealed that hostile actors had accessed the Commission’s systems over a period of more than a year, starting from August 2021. The attackers gained entry to servers holding sensitive information, including email systems and copies of the electoral registers, which contained names, addresses, and other personal details for registered voters across various years and regions.

    Despite the extensive nature of the compromised data, the stolen information mainly consisted of data already available in public records. The incident did not disrupt the elec...
    Show more

    Impact

    Hostile actors accessed critical systems, including email servers and electoral registers, gaining access to a vast amount of personal data. This data exposed included names, addresses, and email information of individuals registered to vote in Great Britain between 2014 and 2022, and specific entries for Northern Ireland in 2018.

    Additionally, the perpetrators could access email contents, including any personal data shared within those messages, which may have included sensitive information such as medical conditions or financial details. Although the breach did not affect the integrity of ...
    Show more