By Sachin Ravikumar
LONDON (Reuters) – “Hostile actors” targeted Britain’s Electoral Commission in a complex cyber incident that involved hackers accessing internal emails and copies of voter data, the commission said on Tuesday.
The Electoral Commission, the independent body which oversees elections and regulates political finance, said the incident came to light last year.
It did not provide further details on the identity of the hostile actors but said the incident showed Britain’s democratic institutions remained a target for hackers. They had access to servers that held its email, control systems, and copies of electoral registers.
Electoral security has emerged as a key issue in many countries ever since U.S. officials found Russia interfered in the 2016 presidential election to boost Donald Trump’s White House campaign.
A British parliamentary committee said in 2020 that Russia had interfered in the 2014 Scottish independence referendum, while noting allegations of similar interference in the Brexit referendum.
“We know which systems were accessible to the hostile actors, but are not able to know conclusively what files may or may not have been accessed,” Electoral Commission Chief Executive Shaun McNally said in a statement.
“The successful attack … highlights that organisations involved in elections remain a target, and need to remain vigilant to the risks to processes around our elections.”
Much of the data in the registers – including the name and address of those registered to vote between 2014 and 2022 and the names of overseas voters – was already in the public domain, the commission added.
Hackers had first accessed the Electoral Commission’s systems in August 2021 and the incident was identified in October 2022, the commission said.
Britain last November formed a ministerial taskforce to tackle threats of foreign interference in its elections, while its recently passed national security law provides for higher penalties for such offences.
The Electoral Commission has worked with Britain’s National Cyber Security Centre (NCSC) and external experts to investigate the incident and had since made improvements to the security of its IT systems, it said.
(Reporting by Sachin Ravikumar and James Pearson; Editing by William James, Alex Richardson, Alexandra Hudson)