The U.K.’s Electoral Commission has been hacked by “hostile actors” who had access to its system and emails for over a year — and the agency cannot conclusively say what files were accessed, it said Tuesday.
“Today we announced that we have been the subject of a complex cyber-attack, and our systems were accessed by hostile actors,” the Commission said in a post on X, the social media platform formerly called Twitter.
“Hostile actors were active in our systems and had access to servers which held our email, control systems, and copies of the electoral registers.”
The Electoral Commission did not specify who the hostile actors were that accessed the system.
The Electoral Commission is an independent agency that sets the standards of the U.K.’s elections, as well as watches over party finances, similar to Elections Canada.
In response to the cyberattack on the Commission, Elections Canada says it has “not faced any cyber attack of significance (on its) IT infrastructure beyond those faced daily by any federal government organization.”
Global News has reached out to Elections Canada as well as the Communications Security Establishment, which is responsible for the digital security of federal institutions, for reaction to the attack and whether Canada has similarly been targeted.
On the U.K. Electoral Commission’s website, the agency said the incident was identified in October 2022 but that it was found the hostile actors had first accessed the systems in August 2021.
The hackers were able to access copies of electoral registers, which include the name and address of anyone in the U.K. who was registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters. The Commission’s email system was also accessible during the attack, it said. The registers did not include the details of anonymous voters.
“While much of this data is already in the public domain, we understand the concern this may cause,” the commission said on X.
The Electoral Commission’s CEO, Shaun McNally, said in a statement that key aspects of the U.K.’s democratic process are based on paper documentation and counting, which “means that it would be very hard to use a cyber attack to influence the process.”
“Nevertheless, the successful attack on the Electoral Commission highlights that organisations involved in elections remain a target, and need to remain vigilant to the risks to processes around our elections,” he said.
“We know which systems were accessible to the hostile actors, but are not able to know conclusively what files may or may not have been accessed.”
The Commission is working with external security experts and the U.K.’s National Cyber Security Centre to investigate the hacking and secure its systems.
The U.K.’s next general election is slated to be held no later than January 2025.
Comments