UK’s electoral registers victim of cyber-attack, watchdog reveals

The UK’s electoral registers have been hit by a “complex cyber-attack" which potentially affects tens of millions of voters, the elections watchdog has revealed.  

The Electoral Commission said it was targeted by “hostile actors” who gained access to electoral registers.  

They apologised for the breach but noted that there was little chance it could influence the outcome of a vote.   

The cybercriminals were able to access reference copies of electoral registers containing names and addresses of anyone who has registered to vote between 2014 and 2022. The copies, which are held for research purposes and to enable permissibility checks on donors, contain details of people registered to vote overseas.

The hackers were first able to access the Electoral Commission’s systems in August 2021, however, the attack was only identified in October 2022, meaning they had access to millions of records for over a year whilst completely undetected.   

The commission said that data for most of the people on the register would have been publicly accessible because they are on the open register. However, according to Sky News, 28 million people opted out of the open register that year.  

Shaun McNally, the Electoral Commission's chief executive, said: "The UK's democratic process is significantly dispersed and key aspects of it remain based on paper documentation and counting.

"This means it would be very hard to use a cyber-attack to influence the process.

"Nevertheless, the successful attack on the Electoral Commission highlights that organisations involved in elections remain a target, and need to remain vigilant to the risks to processes around our elections."

A spokesperson for the National Cyber Security Centre said they provided the commission with "expert advice and support to aid their recovery" after the incident was first identified.

"Defending the UK's democratic processes is a priority for the NCSC and we provide a range of guidance to help strengthen the cyber resilience of our electoral systems."