Electoral Commission reprimanded over cyber security failings after major hack | Politics News


The Electoral Commission has been reprimanded over its cyber security failings after a hack that exposed the details of around 40 million voters.

The attack happened in August 2021, when hackers got into the watchdog’s servers and exploited a known flaw in the software that should have been fixed months before.

As a result, the criminals had access to personal details of voters, including names and addresses, for over a year until the problem was found and rectified.

Earlier this year, the government blamed Chinese “state-affiliated actors” for the “malicious” attack, though a Chinese embassy spokesperson called the claim “completely unfounded”.


An investigation into the commission’s conduct was carried out by the Information Commissioner’s Office (ICO), which today officially reprimanded the organisation for leaving its systems “exposed and vulnerable to hackers”.

The ICO’s report said the commission “did not have appropriate security measures in place to protect the personal information it held”, namely it did not make sure its servers were kept up to date with the latest security patches that had been released months before the attack.


The report also said the commission “did not have sufficient password policies in place at the time of the attack”, with many staff not having changed their default passwords.

Deputy commissioner at the ICO Stephen Bonner said: “The Electoral Commission handles the personal information of millions of people, all of whom expect their data to be in safe hands.

“If the Electoral Commission had taken basic steps to protect its systems, such as effective security patching and password management, it is highly likely that this data breach would not have happened.

“By not installing the latest security updates promptly, its systems were left exposed and vulnerable to hackers.”

Mr Bonner said while “an unacceptably high number of people were impacted”, the ICO had “no reason to believe any personal data was misused” and there was “no evidence that any direct harm has been caused by this breach”.

He said the commission had now “taken the necessary steps” to improve its cyber security.


An Electoral Commission spokesperson said: “We regret that sufficient protections were not in place to prevent the cyber attack on the commission.”

They added the commission had “made changes to our approach, systems, and processes to strengthen the security and resilience of our systems” since the attack, approved by experts including the ICO, and the organisation would “continue to invest” in further security.


