Overview
- The data breach occurred in August 2021 but was only identified in October 2022.
- Chinese state-linked hackers were blamed for the attack, which accessed voter details from 2014 to 2022.
- The Electoral Commission failed to install critical security updates and implement effective password policies.
- Despite the breach, there is no evidence that the stolen data has been misused or caused direct harm.
- The Electoral Commission has since strengthened its security measures, including infrastructure modernization and multi-factor authentication.