The UK Electoral Commission said Tuesday that it fell victim to a cyberattack and that “hostile actors” were able to access copies of the electoral register, with the name and address of anyone registered to vote between 2014 and 2022. The Electoral Commission’s Chief Executive Sean McNally apologized to people whose information was hacked, saying that significant steps have since been taken to improve the Electoral Commission’s IT systems. The breach has been called the largest in British history.
The Electoral Commission’s statement reads:
[The cyber attackers] were able to access reference copies of the electoral registers, held by the Commission for research purposes and to enable permissibility checks on political donations. The registers held at the time of the cyber-attack include the name and address of anyone in the UK who registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters.
Under Articles 33 and 34 of the UK General Data Protection Regulation, the Electoral Commission has a duty to notify those whose information was compromised in the breach. According to the UK data protection law, someone responsible for reporting a data breach must do so “not later than 72 hours after becoming aware of it.”
The Times reported Thursday that Chinese, Uighur and Hong Kong dissidents in the UK fear that the cyberattack threatens their safety. This is because there are concerns that Russia or China is behind the attack. The Telegraph even alleged that “UK intelligence services have found evidence that links the hack of the Electoral Commission to Russians.”
This comes after the Police Service of Northern Ireland inadvertently released data pertaining to its officers and civilian staff on Monday. The data included officers’ names, ranks and work location. This breach has raised concerns about officer safety given the political situation in Northern Ireland and has now been declared “a critical incident.”