In a statement, the agency, an independent body which oversees elections and regulates political finance in the UK, said the attackers appeared to have first gained access to its systems in August 2021.
The attackers were able to gain access to the electoral registers and to enable permissibility checks on political donations, the agency said.
The details in the system at the time of the attack includes names and addresses of those registered to vote between 2014 and 2022, as also names of registered overseas voters.
|
|
Electoral Commission chief executive Shaun McNally said: "The UK’s democratic process is significantly dispersed and key aspects of it remain based on paper documentation and counting.
"This means it would be very hard to use a cyber-attack to influence the process. Nevertheless, the successful attack on the Electoral Commission highlights that organisations involved in elections remain a target, and need to remain vigilant to the risks to processes around our elections.
“We regret that sufficient protections were not in place to prevent this cyber-attack. Since identifying it, we have taken significant steps, with the support of specialists, to improve the security, resilience, and reliability of our IT systems."
Individual electoral registers are kept by Electoral Registration Officers, but the Commission has copies to help it in its work.
McNally added: “We know which systems were accessible to the hostile actors, but are not able to know conclusively what files may or may not have been accessed.
“While the data contained in the electoral registers is limited, and much of it is already in the public domain, we understand the concern that may have been caused by the registers potentially being accessed and apologise to those affected.”
