Hackers may have information on tens of millions of British voters after they got access to electoral registers, the U.K.’s election watchdog said Tuesday — nearly a year after the breach was discovered.
The Electoral Commission apologized for the breach but said much of the information was already in the public domain and that the names and addresses of people who registered to vote between 2014 and 2022 was unlikely to be used by “hostile actors” to sway election results.
“The U.K.’s democratic process is significantly dispersed and key aspects of it remain based on paper documentation and counting,” said Shaun McNally, the commission’s chief executive. “This means it would be very hard to use a cyber-attack to influence the process.”
The commission reported the breach to the Information Commissioner’s Office within three days of discovering it last October.
The Guardian quoted the commission as saying that it did not report the attack immediately to the public because it needed to break off the access the hackers had, determine the extent of the breach and work with the ICO and National Cyber Security Centre to improve security.
The hack exposed reference copies of the electoral registers used by the commission for research and to check if political donations are allowed. Each register holds the information of about 40 million people.
Hackers also had access to the commission’s email system.
While the commission knows what systems could be seen by the hackers, it does not know what files were accessed, McNally said. The commission’s information technology security has been improved since the attack, he added.
The Information Commissioner’s Office said it is still investigating the hack.