Exposed and Vulnerable: Electoral Commission Faces Scrutiny Over Cyber Security Lapses After Massive Voter Data Breach

The Information Commissioner's Office has criticized the Electoral Commission for not maintaining adequate cyber security measures, particularly noting outdated servers and passwords, which left their systems susceptible to hacker attacks.

Political journalist @NifS

Tuesday, July 30, 2024, 1:

The Electoral Commission has faced criticism for its inadequate cyber security measures following a breach that compromised the information of approximately 40 million voters.

The breach occurred in August 2021, when cybercriminals infiltrated the agency's servers and took advantage of a previously identified vulnerability in the software, which had not been patched despite being discovered several months earlier.

Consequently, the offenders were able to obtain voter information such as names and addresses, and this breach went undetected and unresolved for more than a year.

At the start of the year, authorities accused actors linked to the Chinese state of orchestrating a harmful cyber assault. However, a representative from the Chinese embassy dismissed these allegations as entirely baseless.

Live Politics: Hunt Responds to Reeves Calling Him a 'Liar'

For an optimal video playback experience, it is recommended to use the Chrome browser

The Information Commissioner's Office (ICO) has concluded its probe into the commission's activities, issuing a formal warning to the agency today for its failure to secure its systems, thereby leaving them susceptible to cyber attacks.

According to the report from the ICO, the commission failed to implement sufficient security protocols to safeguard the personal data in its possession. Specifically, it neglected to update its servers with the most recent security patches, which had been available for several months prior to the breach.

Stay informed with the most recent updates from the UK and international news by tuning into Sky News.

The study additionally noted that, at the time of the breach, the commission "lacked adequate password protocols," as numerous employees continued to use their initial default passwords.

Stephen Bonner, Deputy Commissioner for the ICO, stated, "Millions of individuals entrust their personal details to the Electoral Commission, anticipating that their information will be securely managed."

"Had the Electoral Commission implemented fundamental security measures, including proper updates and password protocols, it's probable that the breach could have been avoided."

"Failing to quickly implement the most recent security patches left its systems open and susceptible to cyber attacks."

Mr. Bonner stated that despite a significantly large number of individuals being affected, the ICO has found no indication that any personal data was improperly utilized, nor is there any proof that the breach has directly resulted in harm.

He mentioned that the commission has already "implemented the required measures" to enhance its cyber security.

Get further details from Sky News: Reeves accuses Hunt of lying while the Chancellor suggests possible tax increases.

Stay updated with the latest Breaking News

Download the Sky News application at no cost

A spokesperson for the Electoral Commission expressed regret, acknowledging that adequate safeguards had not been established to thwart the cyber attack on the commission.

The commission stated that since the attack, it has implemented modifications to its strategies, systems, and procedures to enhance the security and robustness of its frameworks, with the changes being sanctioned by authorities such as the ICO. Additionally, the organization plans to keep investing in additional security measures.

Associated Subjects

Footer of Sky News

Information on Sky News

Services Provided by Sky News

Sky Networks

Additional Sky Websites