The election watchdog admits the attack wasn't detected for more than a year and doesn't know for sure what files were accessed.
ADVERTISEMENTThe UK's elections watchdog has admitted it has been the victim of a cyberattack.
The Electoral Commission said unspecified "hostile actors" gained access to copies of the country's electoral registers from August 2021.
The attack was not discovered for more than a year.
At the time, the registers included details such as the names and addresses of anyone in the UK who registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters. They did not, however, include information relating to those who registered anonymously for security or safety reasons.
The commission's email system was also accessible during the attack, however it says that information about donations or loans to political parties and campaigners was not impacted by this hack, as that data is stored in a different system.
The Electoral Commission has moved to reassure people that the electoral process itself has not been affected.
"The UK’s democratic process is significantly dispersed and key aspects of it remain based on paper documentation and counting," Electoral Commission chief executive Shaun McNally said. "This means it would be very hard to use a cyberattack to influence the process."
"Nevertheless, the successful attack on the Electoral Commission highlights that organisations involved in elections remain a target, and need to remain vigilant to the risks to processes around our elections," he added.
McNally said the commission had taken "significant steps, with the support of specialists, to improve the security, resilience and reliability of our IT systems".
He said that, while the commission knew what systems were accessible to the hackers, he did not know conclusively what files had been accessed.