Content

Events
About

UK Electoral Commission suffers years-long cyber attack

Olivia Powell | 08/09/2023

UK election watchdog, The Electoral Commission (TEC), has been the victim of a “complex” cyber attack which has potentially exposed the data of more than 40 million voters.

News of the cyber attack was published in an FAQ on the commission’s website on August 8. In the post, TEC explained that the cyber attack was discovered in October 2022 after suspicious activity was detected on its systems. 

During the cyber attack, malicious actors were able to access TEC’s file sharing and email systems, meaning the data that was “most likely accessible” includes names, addresses, email addresses, and any other personal data sent to The Electoral Commission via email or held on the electoral registers for all those registered to vote in the UK between 2014 to 2022, as well as the names of those registered to vote overseas. This amounts to as many as 40 million voters.

TEC said it was unable to ascertain if the data accessible during the cyber attack had been copied or otherwise stolen from its systems. 

The watchdog explained that it worked with the National Cyber Security Center (NCSC) as well as external cyber security experts in order to secure its systems following the cyber security incident.

Regarding the attack, The Electoral Commission said that it "regret[s] that sufficient protections were not in place to prevent this cyber attack and apologize to those affected".

While TEC said that the data accessed by the malicious actors was "limited" and "already in the public domain". The commission noted that, according to the Information Commissioner Office’s data breach risk assessment, the data held by the electoral register “does not in itself present a high risk to individuals”. TEC did also say, however, that the data accessed “could be combined with other data in the public domain, such as that which individuals choose to share themselves, to infer patterns of behavior or to identify and profile individuals”. 

TEC explained that they were unaware of who committed the cyber attack, and no individuals or groups have yet claimed responsibility for the attack. 

Upcoming Events


15th Annual Automotive Cybersecurity Detroit 2025

March 11 - 13, 2025
The Henry Hotel, Dearborn, Michigan, US
Register Now | View Agenda | Learn More


Digital Identity Week

09 - 10 September, 2025
Sydney, Australia
Register Now | View Agenda | Learn More

MORE EVENTS