Electoral Commission reprimanded over hack of 40 million voter details
The Electoral Commission has received a slap on the wrist after the personal details of 40 million voters were accessed by hackers.
The elections watchdog reprimanded the authority over online security lapses which left the database vulnerable.
It did not ensure its servers were kept up-to-date with the latest security updates, the Information Commissioner's Office (ICO) found.
The Electoral Commission also did not have sufficient password policies in place at the time of the attack, with many accounts still using passwords identical or similar to the ones originally allocated.
The data breach, which has been blamed by the Government on Chinese hackers, occurred in August 2021 but was not identified until over a year later in October 2022.
Stephen Bonner, Deputy Commissioner at the ICO, said: “The Electoral Commission handles the personal information of millions of people, all of whom expect their data to be in safe hands.
“If the Electoral Commission had taken basic steps to protect its systems, such as effective security patching and password management, it is highly likely that this data breach would not have happened.
“By not installing the latest security updates promptly, its systems were left exposed and vulnerable to hackers.
“I know the headline figures of 40 million people affected caused considerable public alarm when news of this breach emerged last year.
“I want to reassure the public that while an unacceptably high number of people were impacted, we have no reason to believe any personal data was misused and we have found no evidence that any direct harm has been caused by this breach.
“The Electoral Commission has now taken the necessary steps to improve its security.
“This action should serve as a reminder to all organisations that you must take proactive and preventative measures to ensure your systems are secure.”