Basic IT security failings left electoral register vulnerable – data watchdog

30 July 2024, 11:14

The Electoral Commission has been issued with a reprimand after the Information Commissioner’s Office said it should have kept its systems updated.

Basic IT security failings allowed Chinese state-linked hackers to access the election watchdog’s register containing the details of 40 million voters.

The Information Commissioner’s Office (ICO) said the Electoral Commission had failed to keep its servers updated, allowing hackers to exploit the vulnerability.

The National Cyber Security Centre (NCSC), part of GCHQ, has previously said it was likely that Beijing-affiliated hackers stole data from the electoral register.

Hackers gained access to the system in August 2021 but the breach was not identified until October 2022.

The security patches for the vulnerabilities exploited in the cyber attack were released in April and May 2021, months before the attack, but not installed.

The data watchdog issued a formal reprimand to the Electoral Commission, which has already put in place a series of steps to improve its security.

Stephen Bonner, deputy commissioner at the ICO, said: “If the Electoral Commission had taken basic steps to protect its systems, such as effective security patching and password management, it is highly likely that this data breach would not have happened.

“By not installing the latest security updates promptly, its systems were left exposed and vulnerable to hackers.

“I know the headline figures of 40 million people affected caused considerable public alarm when news of this breach emerged last year.

“I want to reassure the public that while an unacceptably high number of people were impacted, we have no reason to believe any personal data was misused and we have found no evidence that any direct harm has been caused by this breach.”

In March this year the Government publicly blamed Chinese state-affiliated hackers for the attack.

Intelligence agencies believed the data accessed from the electoral register “would highly likely be used” by Chinese spies for purposes including large-scale espionage and the repression of perceived dissidents and critics in the UK.

An Electoral Commission spokesman said: “We regret that sufficient protections were not in place to prevent the cyber attack on the commission.

“As the ICO has noted and welcomed, since the attack we have made changes to our approach, systems, and processes to strengthen the security and resilience of our systems and will continue to invest in this area.”

By Press Association
