Electoral Commission reprimanded over cyber security failings after major hack | Politics News


The Electoral Commission has been reprimanded over its cyber security failings after a hack that exposed the details of around 40 million voters.

The attack happened in August 2021, when hackers got into the watchdog’s servers and exploited a known flaw in the software that should have been fixed months before.

As a result, the criminals had access to personal details of voters, including names and addresses, for over a year until the problem was found and rectified.

Earlier this year, the government blamed Chinese “state-affiliated actors” for the “malicious” attack, though a Chinese embassy spokesperson called the claim “completely unfounded”.


An investigation into the commission’s conduct was carried out by the Information Commissioner’s Office (ICO), which today officially reprimanded the organisation for leaving its systems “exposed and vulnerable to hackers”.

The ICO’s report said the commission “did not have appropriate security measures in place to protect the personal information it held”, namely it did not make sure its servers were kept up to date with the latest security patches that had been released months before the attack.


The report also said the commission “did not have sufficient password policies in place at the time of the attack”, with many staff not having changed their default passwords.

Deputy commissioner at the ICO Stephen Bonner said: “The Electoral Commission handles the personal information of millions of people, all of whom expect their data to be in safe hands.

“If the Electoral Commission had taken basic steps to protect its systems, such as effective security patching and password management, it is highly likely that this data breach would not have happened.

“By not installing the latest security updates promptly, its systems were left exposed and vulnerable to hackers.”

Mr Bonner said while “an unacceptably high number of people were impacted”, the ICO had “no reason to believe any personal data was misused” and there was “no evidence that any direct harm has been caused by this breach”.

He said the commission had now “taken the necessary steps” to improve its cyber security.


An Electoral Commission spokesperson said: “We regret that sufficient protections were not in place to prevent the cyber attack on the commission.”

They added the commission had “made changes to our approach, systems, and processes to strengthen the security and resilience of our systems” since the attack, approved by experts including the ICO, and the organisation would “continue to invest” in further security.


