Thursday, November 21, 2024

Top 5 This Week

Electoral Commission reprimanded over cyber security failings after major hack | Politics News



The Electoral Commission has been reprimanded over its cyber security failings after a hack that exposed the details of around 40 million voters. The attack happened in August 2021, when hackers got into the watchdog’s servers and exploited a known flaw in the software that should have been fixed months before.
As a result, the criminals had access to personal details of voters, including names and addresses, for over a year until the problem was found and rectified.Earlier this year, the government blamed Chinese “state-affiliated actors” for the “malicious” attack, though a Chinese embassy spokesperson called the claim “completely unfounded”.Politics live: Hunt hits back at Reeves after she brands him a ‘liar’

Please use Chrome browser for a more accessible video player

1:31

March: China blamed for ‘malicious cyber campaigns’

An investigation into the commission’s conduct was carried out by the Information Commissioner’s Office (ICO), which today officially reprimanded the organisation for leaving its systems “exposed and vulnerable to hackers”.The ICO’s report said the commission “did not have appropriate security measures in place to protect the personal information it held”, namely it did not make sure its servers were kept up to date with the latest security patches that had been released months before the attack.

Follow Global News Cast on WhatsApp
Keep up with all the latest news from the UK and around the world by following Global News Cast
Tap here

The report also said the commission “did not have sufficient password policies in place at the time of the attack”, with many staff having not changed from their default passwords.Deputy commissioner at the ICO Stephen Bonner said: “The Electoral Commission handles the personal information of millions of people, all of whom expect their data to be in safe hands.
“If the Electoral Commission had taken basic steps to protect its systems, such as effective security patching and password management, it is highly likely that this data breach would not have happened.”By not installing the latest security updates promptly, its systems were left exposed and vulnerable to hackers.”Mr Bonner said while “an unacceptably high number of people were impacted”, the ICO had “no reason to believe any personal data was misused” and there was “no evidence that any direct harm has been caused by this breach”.He said the commission had now “taken the necessary steps” to improve its cyber security.Read more from Global News Cast:Reeves calls Hunt a liarChancellor hints at tax rises

An Electoral Commission spokesperson said: “We regret that sufficient protections were not in place to prevent the cyber attack on the commission.”They added the commission had “made changes to our approach, systems, and processes to strengthen the security and resilience of our systems” since the attack, approved by experts including the ICO, and the organisation would “continue to invest” in further security.

Related Posts

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Popular Articles