A cyberattack hit the U.K. Electoral Commission. It led to a major data breach. This affected 40 million people’s voter records. The breach was preventable. Basic security steps were not taken.
The U.K.’s Information Commissioner’s Office released a report. The report blames the Electoral Commission. It said the breach started in August 2021. The Commission found out a year later in October 2022. They told the public in August 2023.
Hackers broke into the servers. They stole email data. They also took copies of voter records. These records had names, addresses, phone numbers, and private voter details. The records were from voters who registered between 2014 and 2022.
The U.K. government said China was behind the hack. Officials warned the stolen data could be used for spying and controlling critics in the U.K. China denied it.
Hackers Exploited Unpatched ProxyShell Vulnerabilities: Tech Failure
The ICO said the Electoral Commission broke data protection laws. It said basic steps could have stopped the breach. These steps include updating software and better password management.
The Electoral Commission admitted they did not have enough protections. They said this in a statement after the report came out. The ICO report showed what went wrong. It said the Commission did not fix known software problems. These problems let hackers into the email server.
The ICO confirmed hackers used “ProxyShell” vulnerabilities. These let them break in and take control of the server. Microsoft had released fixes for these problems in April and May 2021. The Commission had not installed them.
By August 2021, the U.S. cybersecurity agency CISA warned about ProxyShell. Many groups fixed the problems then. The Electoral Commission did not.
The ICO report said the Commission did not have a good system for updates. This was a basic security failure. The ICO found other issues too. Passwords were weak and easy to guess. Parts of the Commission’s system were old and out of date.
Stephen Bonner, the ICO deputy commissioner, made a statement. He said basic steps could have stopped the data breach. He mentioned effective patching and password management.
The report showed the Commission’s failings. These failings led to the theft of millions of voters’ data. The hack could have been prevented with simple measures.