Article
Operational Security

UK electoral register hack: What can we learn?

By Amber Jackson
August 10, 2023
undefined mins
Personal data of voters and internal systems was breached in 2022 and an investigation revealed that cybercriminals have been accessing this data since 2021
Personal data of voters and internal systems was breached in 2022 and an investigation revealed that cybercriminals have been accessing this data since 2021
In the wake of a cyberattack on the UK’s Electoral Commission that saw compromised personal data, organisations must adopt stringent security measures

The UK election watchdog announced significant data breaches at the start of August 2023. 

A cyber attack such as this is a crucial example of increased attacks on key businesses and speaks to wider concerns about increased threats to digital security systems. Earlier in 2023, organisations were hugely impacted following a cyber-attack on Capita, a prominent outsourcing group, indicating that ‘bad actors’ are becoming increasingly experienced.

As part of the widespread MOVEit hack enacted by cybercriminal gang Cl0p, attacks of this nature highlight a critical need for organisations to bolster cybersecurity measures worldwide. 

Sophisticated cybercriminals remained undetected for an entire year

Personal data of voters and internal systems was breached in 2022 and an investigation revealed that cybercriminals have been accessing this data since 2021.

The UK Electoral Commission stated on its website: “During the cyber-attack, the perpetrators had access to the Commission’s servers which held our email, our control systems, and copies of the electoral registers.

“We understand the concern this attack may cause and apologise to those affected. Since the attack was discovered, we have worked with security specialists to investigate the incident and have taken action to secure our systems and reduce the risk of future attacks.”

Despite the attack having first commenced two years ago, it was only revealed to the public in August 2023. It is another example of how vulnerable personal details are when organisations do not have up-to-date cybersecurity measures, or human error when their staff are not trained to handle the complexities of a sophisticated hack.

A recent report found that there is a growing lack of knowledge within cybersecurity and an ever-widening talent gap that is placing a burden on security teams to prevent business-ending breaches. It calls for greater knowledge to be shared within the workplace and key government organisations to better combat cyber threats.

It is clear that tighter cybersecurity measures are necessary in order to protect key infrastructure and government systems from digital vulnerabilities. In addition, as a result of a growing skills gap within the industry, strengthening policies and staff training are also other ways that growing concerns about data breaches could be mitigated.

Speaking on the incident, Dominic Trott, Director of Strategy and Alliances at Orange Cyberdefense, said: “This incident is more than a breach of critical national infrastructure (CNI) or personal information, it’s a breach of the instruments of democracy itself. 

“While the Electoral Commission has abided by its legal duty to notify the ICO, it has become usual practice for organisations to inform those impacted about data breaches within the same or a similar timeframe. 

“It has become de-facto standard practice to make a public announcement within days of a breach being discovered. This gives people full awareness of the issue and allows them to take any available steps to protect themselves and their data.

“It is comforting that the Electoral Commission has since strengthened its security posture since the attack, including its threat monitoring and alert systems, on advice from the NCSC. We can therefore hope that if it is targeted again in future, the attack will come to light and be communicated quicker than in this instance.”

 

******

For more insights into the world of Technology - check out the latest edition of Cyber Magazine and be sure to follow us on LinkedIn & Twitter.

Other magazines that may be of interest - AI Magazine | Technology Magazine.

Please also check out our upcoming event - Sustainability LIVE in London on September 6-7 2023.

******

BizClik is a global provider of B2B digital media platforms that cover Executive Communities for CEOs, CFOs, CMOs, Sustainability Leaders, Procurement & Supply Chain Leaders, Technology & AI Leaders, Cyber Leaders, FinTech & InsurTech Leaders as well as covering industries such as Manufacturing, Mining, Energy, EV, Construction, Healthcare + Food & Drink.

BizClik – based in London, Dubai, and New York – offers services such as Content Creation, Advertising & Sponsorship Solutions, Webinars & Events.

CYBERCyber AttacksCybersecuritydigital transfomationdata breach
Share
Share

Featured Articles

Healthcare Industry a Prime Target for Cyber Attacks

Recent ransomware attack on NHS Scotland highlights how healthcare remains an attractive prospect for hackers

Lumen and Versa Deliver AI-Powered SASE for Zero Trust

Lumen expands Versa partnership to combine network connectivity and security to create improved reliability and real-time threat detection for businesses

Fortinet Remains a Cybersecurity Leader with AI Offerings

Leading cybersecurity company Fortinet unveils new FortiGate 200G Series to deliver cutting-edge performance and AI security services

AT&T Cybersecurity Rebranded as LevelBlue in Joint Venture

Cyber Security

World Password Day: 5 Best Practices To Protect Your Data

Operational Security

Blackberry: The Rise of Gen AI in Cybersecurity Operations

Technology & AI