IE 11 is not supported. For an optimal experience visit our site on another browser.

U.K. election regulator says hackers had access for over a year but elections still secure

Most of the voter information that was accessed was already public, the Electoral Commission said.
Ballots are emptied from a ballot box for counting at the count centre in Wakefield, in Northern England
Ballots are emptied from a ballot box for counting at the counting center in Wakefield, England, in June 2022.Nigel Roddis / AFP via Getty Images file
By Kevin Collier

Hackers gained access to the U.K.’s election regulator, the Electoral Commission, for more than a year, the agency said Tuesday.

The Electoral Commission said the hackers were not able to access any systems related to the actual administration of elections, but they did access the agency’s email servers and personal information like names and addresses of voters who registered from 2014 to 2022.

Most of the voter information that was accessed was already public, the commission said. The hackers first gained access in August 2021 and went undetected until October 2022, the agency said.

The Electoral Commission said it doesn’t know the identity of the hackers and that none have claimed responsibility.

The agency delayed announcing the breach because it first needed to kick out the hackers, assess their access and put in additional security measures, Andreea Ghita, a spokesperson for the commission, said in an email.

Shaun McNally, the organization’s chief executive, said in a statement that the U.K.’s elections system remains secure due in part to it use of paper documentation. 

“Nevertheless, the successful attack on the Electoral Commission highlights that organisations involved in elections remain a target, and need to remain vigilant to the risks to processes around our elections,” McNally said.

A spokesperson for the National Cyber Security Centre, the British government’s cybersecurity agency, said that it had helped the commission in its recovery from the incident but declined to comment further.

Since 2016 intelligence agencies from Russia and Iran have been accused of hacking election-related systems in several countries, including the U.S. and France. In 2020, the U.K. accused Russia of a cyber-influence operation designed to influence its nationwide elections the year before.

Lisa Forte, a partner at the British cybersecurity company Red Goat, said that the fact that the hackers were able to stay undetected for more than a year is noteworthy.

“This implies that they had a level of sophistication above and beyond that of the opportunistic attacker,” Forte said.

Kevin Collier

Kevin Collier is a reporter covering cybersecurity, privacy and technology policy for NBC News.