The Electoral Commission has suffered a big cybersecurity attack as the BBC reports:
The Electoral Commission said unspecified “hostile actors” had managed to gain access to copies of the electoral registers, from August 2021.
Hackers also broke into its emails and “control systems” but the attack was not discovered until October last year…
The watchdog said the information it held at the time of the attack included the names and addresses of people in the UK who registered to vote between 2014 and 2022.
This includes those who opted to keep their details off the open register – which is not accessible to the public but can be purchased, for example by credit reference agencies.
This incident is a reminder of the value in the way we do elections, i.e. heavily paper-based and with a dispersed administration of voting and counting. That setup makes it much harder to influence results than with online voting and centralised systems.
Although a story about hacking of election data may make people worried about electoral fraud, I’m not convinced that having illegally got a copy of the full electoral register for the country makes electoral fraud noticeably easier. (What would you actually do that’s effective and requires this data?)
But, for more general identify theft, tracking down people, etc. it’s likely to be of more use for nefarious purposes (and hence my previous interest in NHS data). Which is why it’s always puzzled me why the finance sector doesn’t take more interest in the security and accuracy of the electoral register.
The electoral register isn’t just about elections. It underpins many other activities too – and that is where, I strongly suspect, we should look for any negative consequences of the hack.