Cyber attack targets Electoral Commission

The Electoral Commission announced yesterday afternoon that it was subject to a complex cyber-attack, with the UK’s democratic process and institutions remaining a target for hostile actors online.

The organisation confirmed that the attack was identified in October 2022 with suspicious activity being detected on its systems. It was then discovered that the perpetrators had first accessed the systems in the summer of 2021, with the Commission working alongside external security experts and the National Cyber Security Centre since, to secure the systems.

Speaking about the breach, Chief Executive of the Electoral Commission Shaun McNally, said:

“The UK’s democratic process is significantly dispersed and key aspects of it remain based on paper documentation and counting. This means it would be very hard to use a cyber-attack to influence the process. Nevertheless, the successful attack on the Electoral Commission highlights that organisations involved in elections remain a target, and need to remain vigilant to the risks to processes around our elections.

“We regret that sufficient protections were not in place to prevent this cyber-attack. Since identifying it we have taken significant steps, with the support of specialists, to improve the security, resilience, and reliability of our IT systems.”

Reference copies of the electoral registers were accessed through the attack, with these being held by the Commission to conduct research and enable permissibility checks on political donations. Anyone who registered to vote between 2014 and 2022 had their name and address held on these registers, as well as any overseas voters, however those who registered anonymously were not on the register. The email system used by the Commission was also accessed during the breach.

McNally continued:

“We know which systems were accessible to the hostile actors but are not able to know conclusively what files may or may not have been accessed.

“While the data contained in the electoral registers is limited, and much of it is already in the public domain, we understand the concern that may have been caused by the registers being accessed and apologise to those affected.”

To learn more about cyber security across the public sector, register for PSE's Cyber Security event on the 14th September. The event will bring together, key figures and thought leaders in cyber security to discuss ideas and thoughts as to how to overcome the challenge of public sector cyber security.

Image credit: iStock

Public Sector Executive Magazine

POWERING THE FUTURE: Liverpool's Bold Tidal Energy Vision

Dive into our latest issue!

Read Now

Presenting

2025 Online Conferences

In partnership with our community of public sector leaders responsible for procurement and strategy across local authorities and the wider public sector, we’ve devised a collaborative calendar of conferences and events for leaders of industry to listen, learn and collaborate through engaging and immersive conversation.

All our conferences are CPD accredited, which means you can gain points to advance your career by attending our online conferences. Also, the contents are available on demand so you can re-watch at your convenience.

Public Sector Executive Podcast

Listen to industry leaders on everything within the public sector

From government policies and public administration to education, healthcare, and infrastructure, we explore the challenges and innovations shaping our communities.

Join us as we speak with industry leaders, policymakers, and frontline professionals, providing you with valuable insights and perspectives to stay informed and engaged with the issues that matter most.

Listen Now