Cyber attack

Cyber attack targets Electoral Commission

The Electoral Commission announced yesterday afternoon that it was subject to a complex cyber-attack, with the UK’s democratic process and institutions remaining a target for hostile actors online.

The organisation confirmed that the attack was identified in October 2022 with suspicious activity being detected on its systems. It was then discovered that the perpetrators had first accessed the systems in the summer of 2021, with the Commission working alongside external security experts and the National Cyber Security Centre since, to secure the systems.

Speaking about the breach, Chief Executive of the Electoral Commission Shaun McNally, said:

“The UK’s democratic process is significantly dispersed and key aspects of it remain based on paper documentation and counting. This means it would be very hard to use a cyber-attack to influence the process. Nevertheless, the successful attack on the Electoral Commission highlights that organisations involved in elections remain a target, and need to remain vigilant to the risks to processes around our elections.

“We regret that sufficient protections were not in place to prevent this cyber-attack. Since identifying it we have taken significant steps, with the support of specialists, to improve the security, resilience, and reliability of our IT systems.”

Reference copies of the electoral registers were accessed through the attack, with these being held by the Commission to conduct research and enable permissibility checks on political donations. Anyone who registered to vote between 2014 and 2022 had their name and address held on these registers, as well as any overseas voters, however those who registered anonymously were not on the register. The email system used by the Commission was also accessed during the breach.

McNally continued:

“We know which systems were accessible to the hostile actors but are not able to know conclusively what files may or may not have been accessed.

“While the data contained in the electoral registers is limited, and much of it is already in the public domain, we understand the concern that may have been caused by the registers being accessed and apologise to those affected.”

To learn more about cyber security across the public sector, register for PSE's Cyber Security event on the 14th September. The event will bring together, key figures and thought leaders in cyber security to discuss ideas and thoughts as to how to overcome the challenge of public sector cyber security.


Image credit: iStock

PSE August/September 2023

PSE August/September 2023

London mayor assisting with creative COVID recovery

Our  August/September 2023 edition of PSE brings you expert comment and analysis on a range of key public sector topics, from EV infrastructure to Digital transformation and reducing carbon emissions.


Learn how the role of local government in leading the data revolution or read all about the Manchesters landmark housing scheme, alongside so much more…


View all videos
#PSE365: Public Sector Events

Be A Part Of It!

PSE365: Public Sector Virtual Events

PSE has created a full calendar of events to address the most important issues that influence the delivery of public sector services. 


Over 365 days you’ll have the opportunity to hear from a range of highly motivating, informative and inspirational speakers. These speakers will equip you with knowledge and unique insight to enable you to overcome the challenges that you face.


See our full events calendar and register now! 

Public Sector Executive Podcast

Ep. 44
LGBT in the workplace
with Carl Austin Behan

In episode 44 of the Public Sector Executive Podcast, host Dan Benn was joined by former Lord Mayor of Manchester, Carl Austin-Behan OBE. Carl spoke about everything ranging from his time in the RAF, being Manchester’s first openly gay Lord Mayor, and the important work he does now, with the LGBT Foundation.

More articles...

View all