The UK Electoral Commission recently disclosed a cyber breach that went unnoticed for over a year. The Commission, responsible for overseeing elections and regulating political finance, revealed that “hostile actors” infiltrated its servers in August 2021, compromising data of nearly 40 million UK voters. The breach wasn’t discovered until October 2022.
The attackers accessed the Commission’s email, control systems, and copies of electoral registers. The British GCHQ security agency found ties to Russian hackers and malware designed to lock users out of files. The compromised data encompassed names and addresses of UK voters registered from 2014 to 2022, including overseas voters.
The delay in public disclosure was attributed to the secrecy of the ongoing investigation and countermeasures. The Commission stated the need to eliminate the threat, assess the damage, and collaborate with the National Cyber Security Centre before making the incident public.
David Bicknell, Principal Analyst at GlobalData, expressed concerns over the cyber governance of UK’s public bodies. He questioned the Commission’s cybersecurity priorities and the quality of technical advice they received. “Which organization advised the Commission on its cybersecurity measures?” Bicknell asked, emphasizing the Commission’s crucial role in elections.
Electoral Commission CEO, Shaun McNally, expressed regret over the inadequate safeguards. He acknowledged the persistent threat to election-related organizations from hostile nations. However, he noted the UK’s election process’s resilience due to its dispersed nature and reliance on manual counting.
The incident has sparked debates about the fragmented state of government IT security, prompting concerns about other public bodies’ cyber readiness.
Source: Australian Cybersecurity Magazine
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.