UK Electoral Commission's Security Failures Expose Data of 40 Million Voters

Information Commissioner's Office criticizes watchdog for basic IT lapses, prompting calls for stronger cybersecurity measures.

The data breach occurred in August 2021 but was only identified in October 2022.
Chinese state-linked hackers were blamed for the attack, which accessed voter details from 2014 to 2022.
The Electoral Commission failed to install critical security updates and implement effective password policies.
Despite the breach, there is no evidence that the stolen data has been misused or caused direct harm.
The Electoral Commission has since strengthened its security measures, including infrastructure modernization and multi-factor authentication.