Photo by Amelia Holowaty Krales / The Verge
A cyberattack that began in August 2021 exposed the personal data of people in the United Kingdom who registered to vote between 2014 and 2022. The attack wasn’t detected until October 2022, the UK Electoral Commission reported today. Attackers would have also had access to data from voters who’d opted to keep their data off public voter rolls, according to the BBC.
The Electoral Commission said on X (formerly Twitter) that it waited to report the delay so it could stop the attack and “assess the extent of the incident” as well as harden its systems and get in touch with the National Cyber Security Centre and the UK Information Commissioner’s Office.
Much of the data was “already in the public domain,” wrote the Electoral Commission, but…