Private particulars of thousands and thousands of UK voters had been left “susceptible to hackers” as a result of passwords weren’t modified and software program not up to date, the UK’s knowledge privateness watchdog has discovered.
The Electoral Fee, which oversees UK elections, has been formally reprimanded by the Data Commissioners Workplace (ICO) over the safety lapse.
Starting in August 2021 cyber-attackers had been capable of entry computer systems containing the Electoral Registers, which maintain particulars of voters together with thousands and thousands of these not obtainable publicly.
The Electoral Fee stated it regretted that adequate protections weren’t in place to forestall the cyber-attack.
“Because the ICO has famous and welcomed, because the assault we’ve made modifications to our strategy, programs, and processes to strengthen the safety and resilience of our programs and can proceed to take a position on this space,” it stated in an announcement.
The investigation didn’t discover any proof that non-public knowledge was misused, or that any direct hurt has been brought on by the assault.
The ICO stated hackers had entry to the Electoral Commissions’ programs for over a 12 months.
It was solely noticed when an worker reported that spam emails had been being despatched from the fee’s personal electronic mail server.
The hackers had been finally booted out in 2022.
The UK authorities has formally accused China of being behind the assault on the fee, claims the Chinese language embassy rejected as “malicious slander”.
The ICO’s investigation discovered the Electoral Fee didn’t have acceptable safety measures in place to guard the private data it held.
To hold out the assault, hackers impersonated a professional consumer account and exploited quite a few publicly identified safety weaknesses in software program utilized by the fee.
Software program updates which fastened these safety holes had been obtainable for months earlier than the assault, however the Electoral Fee had failed to use them.
The fee additionally didn’t have an “acceptable” coverage in place to make sure staff had been utilizing safe passwords.
Investigators discovered 178 energetic electronic mail accounts had been nonetheless utilizing passwords an identical or much like these set by the organisation’s IT service desk when an account was created or reset.
ICO deputy commissioner Stephen Bonner stated if the Electoral Fee had “taken fundamental steps” to guard its programs, it was “extremely possible” the information breach wouldn’t have occurred.
“By not putting in the most recent safety updates promptly, its programs had been left uncovered and susceptible to hackers,” he stated.
