Cyber attack on UK’s electoral registers revealed

The UK’s elections watchdog has revealed it has been the victim of a “complex cyber-attack”.

The Electoral Commission said unspecified “hostile actors” had managed to gain access to copies of the electoral registers, from August 2021.

Hackers also broke into its emails and “control systems” but the attack was not discovered until October last year.

The watchdog has warned the public to be “vigilant for unauthorised use or release of their personal data”.

In a public notice, it said the information it held at the time of the attack included the names and addresses of people in the UK who registered to vote between 2014 and 2022.

This includes those who opted to keep their details off the open register – which is not accessible to the public but can be purchased, for example by credit reference agencies.

However, the data of people who qualified to register anonymously – for safety or security reasons – was not accessed, the watchdog said.

The commission added that people who registered to vote during the seven-year period should remain “vigilant for unauthorised use or release of their personal data”.

Chief executive officer Shaun McNally said he understood public concern and would like to apologise to those affected.

The commission added that it had taken steps to secure its systems against future attacks, including by updating its login requirements, alert system and firewall policies.

The Information Commissioner’s Office, which is responsible for data protection in the UK, said it was urgently investigating.