The Electoral Commission (EC) has revealed it was the victim of a “complex cyber-attack” first identified in October 2022, with unidentified hackers gaining access to private servers holding email records, control systems, and copies of the electoral registers. The EC admit this includes the names and addresses of those registered to vote between 2014 and 2022, along with the Commission’s internal email database …

Electoral Commission Chief Executive Shaun McNally apologised for the breach this afternoon, admitting the EC didn’t have “sufficient protections” in place at the time. Worrying to say the least…

“The UK’s democratic process is significantly dispersed and key aspects of it remain based on paper documentation and counting. This means it would be very hard to use a cyber-attack to influence the process. Nevertheless, the successful attack on the Electoral Commission highlights that organisations involved in elections remain a target, and need to remain vigilant to the risks to processes around our elections.

“We regret that sufficient protections were not in place to prevent this cyber-attack. Since identifying it we have taken significant steps, with the support of specialists, to improve the security, resilience, and reliability of our IT systems.”

The Commission say they’ve since upgraded their IT systems and security measures. You’d hope so – this sort of thing is becoming more common…