1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

UK elections regulator hacked by 'hostile actors'

August 8, 2023

The yearlong hack gave intruders access to the organization's email, control systems, and copies of the electoral registers. The identities of the hackers has not yet been disclosed.

https://p.dw.com/p/4UvSa
A polling place open during the UK 2019 general election
The hacking of the UK election's watchdog comes after Britain accused Russia of trying to interfere with the 2019 electionsImage: Matthias Oesterle/Zuma/picture alliance

The UK's Electoral Commission said on Tuesday that it had been hacked by "hostile actors." The organization, which oversees the country's elections, said its systems had been hacked for more than a year.

"Hostile actors were active in our systems and had access to servers which held our email, control systems, and copies of the electoral registers. We have since worked with external security experts and the National Cyber Security Centre to investigate and secure our systems," the Electoral Commission said on Twitter.

In a statement, Chief Executive Shaun McNally said the organization knows which systems were hacked, but it was still unknown which files may or may not have been accessed.

The yearlong hack comes as election security has been targeted worldwide, with US officials finding Russia interfered in the 2016 presidential election to help Donald Trump's campaign and the UK accusing Russia of trying to interfere in the 2019 general election.

"The successful attack ... highlights that organizations involved in elections remain a target, and need to remain vigilant to the risks to processes around our elections," the statement read.

Hackers threaten critical infrastructure

Identity of hackers unknown

The hack was found in October 2022, after suspicious activity was detected. "It became clear that hostile actors had first accessed the systems in August 2021," the commission said.

"We regret that it took so long to detect," it added.

The identity of the hackers was not disclosed, only referring them as "hostile actors."

Before revealing the hack, the organization took action quickly, including blocking access to the hackers and putting "additional security measures in place."

jcg/wd (Reuters, AFP)