Millions of UK voters had personal information exposed in massive cyberattack that breached Electoral Commission
A SERIOUS hack has exposed the details of up to 40 MILLION Brits to “hostile actors”.
The Electoral Commission today apologised for the data breach that allowed cyber-crooks to access the names and addresses of voters.
Experts warned the breach had "all the hallmarks" of a state-sponsored attack and pointed the finger at either China or Russia.
One researcher said: " The UK voter database is a prime target for any hostile intelligence services that consistently target the UK. Up to 15 months of persistence inside a UK government network bears the hallmarks of an intrusion by a top-tier state actor, most likely from China or Russia."
Hackers first infiltrated the system in August 2021 but it was only discovered more than a year later in October 2022.
Anyone who registered to vote between 2014 and 2022 could have had their info harvested.
Chief Executive Shaun McNally said he does not “know conclusively what files may or may not have been accessed".
He said: “While the data contained in the electoral registers is limited, and much of it is already in the public domain, we understand the concern that may have been caused by the registers potentially being accessed and apologise to those affected.”
READ MORE ON POLITICS
But he was adamant there was little risk the saboteurs could influence an election.
He said: “The UK's democratic process is significantly dispersed and key aspects of it remain based on paper documentation and counting.
"This means it would be very hard to use a cyber-attack to influence the process.”
Security buffs from the National Cyber Security Centre have been called in to help bolster the systems.
A spokesman said: “Defending the UK's democratic processes is a priority for the NCSC and we provide a range of guidance to help strengthen the cyber resilience of our electoral systems.”
Most read in The Sun
Experts fear the information could be used by fraudsters as “gateway information” to swindle vulnerable Brits.
Caroline Carruthers, CEO at global data consultancy Carruthers and Jackson, said: “The real concern about this data breach is that the information potentially stolen is ‘entry-level data’.
“This means that scammers could use the data stolen to convince vulnerable members of the public that they can be trusted, and use this gateway information to convince individuals to share even more sensitive data such as banking details.
“We all should now be hyper-cautious of any unsolicited phone calls or knocks at the door from people claiming to know who we are using information that could have been accessed from this breach.”