Electoral Commission subject to cyber-attack

10 August 2023

We were informed, alongside the rest of the public, on Tuesday, 8 August 2023, that the Electoral Commission has been the subject of a complex cyber-attack. 

The incident was identified in October 2022 after suspicious activity was detected on their systems. During the attack, unidentified individuals had managed to gain access to copies of the electoral registers, from August 2021. 

As part of the attack, hackers were able to access reference copies of the electoral registers. The registers held at the time of the cyber-attack include the name and address of anyone in the UK who was registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters. 

The registers did not include the details of those who for security reasons qualified to register anonymously. 
The Commission’s email system was also accessible during the attack.
 
The Commission has since worked with external security experts and the National Cyber Security Centre to investigate and secure its systems.

In line with requirements under the law, the Commission notified the Information Commissioner’s Office within 72 hours of identifying that data on its systems may have been accessed. 

Members of the public can find out more by accessing this FAQ document, located on the Commission’s website. Members of the public and electors can also contact the Commission directly by using this webform and selecting the title ‘Cyber-attack’ to get in touch.