UK election body failed to protect voter data before Chinese cyber attack, says watchdog

The UK’s election authority failed to take “basic steps” to protect voter details ahead of a 2021 China-backed cyber attack that allowed hackers to access the personal information of 40mn people, according to the country’s data watchdog.

The Information Commissioner’s Office on Tuesday said the Electoral Commission did not have appropriate safeguards in place to protect personal information when hackers accessed a server in August 2021.

The UK government said in March that APT31, a Wuhan-based hacking group run by China’s main intelligence service, was behind the attack, which also targeted the US.

The group retained access to UK voters’ details including names and home addresses until October 2022, more than a year after breaching the EC’s systems.

Stephen Bonner, deputy commissioner of the ICO, said on Tuesday that the breach caused “considerable public alarm” and could have been prevented if the EC had taken “basic steps” to protect systems, including security patches and updating passwords. 

“We have no reason to believe any personal data was misused and we have found no evidence that any direct harm [happened],” he added.

The EC, which faces no sanctions from the ICO, said on Tuesday that it had taken “significant steps” since the attack to improve the security of its systems, including expanding password controls and introducing multi-factor authentication.

Earlier this year, UK government officials said the attack reflected a “clear pattern of malicious cyber activity” targeting MPs and democratic institutions.

The hacking group also targeted US officials with more than 10,000 “malicious” emails containing hidden tracking links sent to officials across the federal government, businesses “of national economic importance”, including defence, and Capitol Hill.

The campaign is alleged to have lasted for several years, and targets included international critics of China’s government, among them 43 UK parliamentary accounts, according to the US Department of Justice.

Both the US and UK governments announced a sweeping set of measures earlier this year and applied sanctions on several individuals.

Liu Pengyu, a spokesperson for the Chinese embassy in Washington, said in March that China “firmly opposes and cracks down on all forms of cyber attacks” and described the accusations as “groundless”.

He added that China was also a victim of cyber attacks and that the “US itself is the origin and the biggest perpetrator”.

The EC said last year that the cyber attack meant hackers had access to details including names, addresses and email addresses of all those who registered to vote between 2014 and 2022. They also had access to any other personal data sent to the watchdog by email.

It added that there was no indication that information accessed had been published online, though it warned that information might find its way into the public domain.
