Millions of UK Voters’ Personal Details Left Vulnerable to Hackers Due to Security Lapse
In a shocking revelation, the UK’s data privacy watchdog, the Information Commissioners Office (ICO), has found that the personal details of millions of UK voters were left “vulnerable to hackers” due to a security lapse by the Electoral Commission.
The security breach, which began in August 2021, allowed cyber-attackers to access computers containing the Electoral Registers, which hold sensitive information about voters, including millions of individuals not publicly available. The ICO has formally reprimanded the Electoral Commission for failing to change passwords and update software, leaving the data exposed.
The investigation revealed that hackers had access to the Electoral Commission’s systems for over a year before being discovered. It was only when an employee reported spam emails being sent from the commission’s email server that the breach was identified. The hackers were eventually removed from the system in 2022.
The UK government has accused China of being behind the attack, a claim that the Chinese embassy has vehemently denied as “malicious slander.”
The ICO’s investigation found that the Electoral Commission did not have adequate security measures in place to protect the personal information it held. Hackers were able to exploit known security weaknesses in the software used by the commission, as well as impersonate legitimate user accounts to gain access.
Furthermore, the commission failed to apply software updates that could have prevented the breach, and many employees were using weak or identical passwords, making it easier for hackers to infiltrate the system.
ICO deputy commissioner Stephen Bonner stated that if the Electoral Commission had taken basic security measures, the data breach could have been prevented. He emphasized the importance of promptly installing security updates and implementing strong password policies to protect against cyber-attacks.
The Electoral Commission has since expressed regret over the security lapse and stated that they have made changes to strengthen their systems and processes. They have pledged to continue investing in cybersecurity to prevent future breaches and protect the personal information of UK voters.