The UK Electoral Commission revealed on 8th August 2023 that it suffered a cyber attack that caused unlawful access to electoral registers. According to the Electoral Commission, the cyberattack was discovered in October 2022, although the attackers had gained access to the commission’s system in August 2021. The Commission predicts that the attack may have exposed over 40 million voters’ data.
The hackers gained access to the file-sharing and email systems of the Electoral Commission. This means that the names, addresses, email addresses, and other personal information sent through email to the Electoral Commission as well as people who registered to vote in the UK between 2014 and 2022 were most likely accessed during the cyber attack. The Commission also stated that the data accessed included the names but not the addresses of overseas voters. The details of those who registered anonymously were not included in the registers.
Although the electoral register may have been accessible by the attackers, the Electoral Commission has been unable to confirm if the attackers had read or copied personal data from the system. Likewise, the Commission stated that they do not know who is behind the cyberattack, and so far, no individuals or groups have taken responsibility for it.
What Is the Impact of the UK Electoral Register Cyberattack on Individuals?
According to the data breach risk assessment done by the commission, the personal data stored in the electoral register, usually consisting of names and addresses, presents little to no danger to individuals. However, the data in the electoral register could be used with other public information people share to recognise or identify individuals.
Also, the data breach may pose a major threat if an individual had sent confidential or personal data in an email, as an attachment, or through a form on the commission’s website. Such details might involve personal financial information, medical conditions, gender, or sexuality. The commission also stated that the cyberattack had no impact on anyone’s electoral registration, rights, or access to the democratic process.
Nonetheless, individuals who have interacted with the commission or were registered to vote in the UK between 2014 and 2022 need to look out for the release or unlawful use of their personal information. Individuals must be alert to scam messages, calls, or emails. To ensure protection against various forms of phishing emails, it’s crucial not to click on dubious links or share any personal information, including financial details or passwords. However, according to the commission, much of the data contained in the electoral registers is already in the public domain.
In addition, individuals can opt out of the open electoral register to protect their data, as the addresses of people who opt out of the open register are not available to the public. If sensitive details like financial information have been shared with the Electoral Commission through email, it’s advisable to use free online credit verification tools offered by reputable companies like Experian. These tools also provide online identity protection and monitoring.