Cyber attack on electoral registers – your questions answered
What happened?
Unidentified hackers gained access to the UK’s electoral registers for 14 months without being detected. The initial breach took place in August 2021 but the attack wasn’t discovered until October last year.
Why are we only finding out now?
The Electoral Commission discovered the attack due to some suspicious log-in requests in October 2022.
Before telling the public, they needed to secure their systems to prevent further attacks.
What did the hackers see?
The hackers gained access to the names and addresses of people registered to vote in the UK between 2014 and 2022. This included overseas voters and those who opted to keep their details off the open register.
The attackers didn’t see the details of anonymous voters – whose details are hidden for security or safety reasons.
Emails sent to the Electoral Commission and details provided by people filling in forms on its website may also have been seen.
It’s unknown whether the hackers made copies of any data.
Should I be worried?
The electoral registers typically just include names and addresses. This information is often already publicly available.
Having said that, it’s possible this data could be used alongside other publicly available information to work out people’s patterns of behaviour. The more information fraudsters have about you, the easier it is for them to scam you.
Have my details been published online?
There is no evidence that the names and addresses accessed in the attack have been published online.
How can I avoid being scammed as a result of this breach?
If you’re worried about this or any other data hack, there are a few things you can do to check if your personal information is secure.
If you think you might have emailed financial data to the Electoral Commission, companies like Experian offer free credit check tools that look for signs of identity theft.
To find out what personal information the Electoral Commission holds about you, send them a subject access request. You can get in touch with them by email or phone. Don't worry about using any particular wording. Simply ask to see the personal details they have for you.
To see if your email address is publicly available, you can search https://haveibeenpwned.com. This will show if it’s been leaked through any reported data hacks.
What else can I do to outsmart scammers?
Read our guides on spotting energy scams and how to outsmart online scammers.
Rebecca Routledge
A qualified journalist for over 15 years with a background in financial services. Rebecca is Money Wellness’s consumer champion, helping you improve your financial wellbeing by providing information on everything from income maximisation to budgeting and saving tips.
Related posts
01 May 2024
Before they apply for insolvency, domestic violence survivors can ask for their address to be withheld from the insolvency register. But there’s a cost and from today it’s becoming even more expensive.
26 Apr 2024
Find out how a charge to Barclaycard’s terms could see you paying off your debt for longer and paying more interest.
24 Apr 2024
As an MP calls for urgent action on growing household energy debt in the UK, find out what to do if you can't keep up with your gas and electricity bills.
22 Apr 2024
As two female pensioners are ordered to pay £1.2m for illegal money lending, find out what to do if you've borrowed from a loan shark.