In August 2021, the UK’s Electoral Commission (EC) experienced a security breach that compromised the personal information of 40 million British voters [1] [2] [3] [4] [5] [7] [8].

Description

The breach, attributed to hackers linked to the Chinese state [6] [9], was carried out by exploiting vulnerabilities in the Commission’s Microsoft Exchange Server [6]. The attackers gained unauthorized access to voter data covering 2014 to 2022, including names and addresses [1] [2]. Overseas voters and those who opted out of the public electoral register were also affected. The breach went undetected for a year and revealed security lapses such as outdated servers and weak password practices.

Conclusion

No evidence of data misuse or harm was found [8]. The breach was disclosed in August 2023 and linked to Chinese threat actors in March 2024 [7]. The Commission has since bolstered security measures, including a technology upgrade and mandatory multi-factor authentication [7]. Although the breach raised concerns about electoral system integrity, voter registration and democratic processes remain unaffected. Notably, a separate campaign targeted UK parliamentarians critical of China [6].

References

[1] https://databreaches.net/2024/07/30/ico-reprimands-the-electoral-commission-after-cyber-attack-compromises-servers/
[2] https://news.sky.com/story/electoral-commission-reprimanded-over-cyber-security-failings-after-major-hack-13187307
[3] https://www.bbc.co.uk/news/articles/c724e12zpndo
[4] https://uk.news.yahoo.com/electoral-commission-reprimanded-over-hack-101510515.html
[5] https://www.ministryoftesting.com/articles/millions-of-uk-voters-data-exposed-electoral-commission-reprimanded-over-cybersecurity-lapse
[6] https://www.computerweekly.com/news/366599512/Basic-failures-led-to-hack-of-Electoral-Commission-data-on-40-million-people
[7] https://www.infosecurity-magazine.com/news/ico-electorial-commission-security/
[8] https://www.aol.co.uk/news/basic-security-failings-left-electoral-100552553.html
[9] https://www.yahoo.com/news/electoral-commission-sloppy-passwords-exposed-132314650.html