Cyber attack

Cyber attack targets Electoral Commission

The Electoral Commission announced yesterday afternoon that it was subject to a complex cyber-attack, with the UK’s democratic process and institutions remaining a target for hostile actors online.

The organisation confirmed that the attack was identified in October 2022 with suspicious activity being detected on its systems. It was then discovered that the perpetrators had first accessed the systems in the summer of 2021, with the Commission working alongside external security experts and the National Cyber Security Centre since, to secure the systems.

Speaking about the breach, Chief Executive of the Electoral Commission Shaun McNally, said:

“The UK’s democratic process is significantly dispersed and key aspects of it remain based on paper documentation and counting. This means it would be very hard to use a cyber-attack to influence the process. Nevertheless, the successful attack on the Electoral Commission highlights that organisations involved in elections remain a target, and need to remain vigilant to the risks to processes around our elections.

“We regret that sufficient protections were not in place to prevent this cyber-attack. Since identifying it we have taken significant steps, with the support of specialists, to improve the security, resilience, and reliability of our IT systems.”

Reference copies of the electoral registers were accessed through the attack, with these being held by the Commission to conduct research and enable permissibility checks on political donations. Anyone who registered to vote between 2014 and 2022 had their name and address held on these registers, as well as any overseas voters, however those who registered anonymously were not on the register. The email system used by the Commission was also accessed during the breach.

McNally continued:

“We know which systems were accessible to the hostile actors but are not able to know conclusively what files may or may not have been accessed.

“While the data contained in the electoral registers is limited, and much of it is already in the public domain, we understand the concern that may have been caused by the registers being accessed and apologise to those affected.”

To learn more about cyber security across the public sector, register for PSE's Cyber Security event on the 14th September. The event will bring together, key figures and thought leaders in cyber security to discuss ideas and thoughts as to how to overcome the challenge of public sector cyber security.


Image credit: iStock


PSE April/ May 2024

Alarming decline in UK costal water quality

Dive into our latest edition for April/May 2024!


More articles...

View all
Online Conference


2024 Online Conferences

In partnership with our community of public sector leaders responsible for procurement and strategy across local authorities and the wider public sector, we’ve devised a collaborative calendar of conferences and events for leaders of industry to listen, learn and collaborate through engaging and immersive conversation.

All our conferences are CPD accredited, which means you can gain points to advance your career by attending our online conferences. Also, the contents are available on demand so you can re-watch at your convenience.

Public Sector Executive Podcast

Ep. 53 Compassion and Co-operation - Dr Nik Johnson

For the 53rd episode of the Public Sector Executive Podcast, Mayor of Cambridgeshire and Peterborough, Dr Nik Johnson, spoke to host Dan Benn about some of the most important issues facing his region, as well as what drives him as a leader.