
The UK Electoral Commission fails a crucial cybersecurity test

Gaps in the Electoral Commission's IT security expose the entire population to serious risks

The UK Electoral Commission has admitted to a cyber breach that compromised the personal data of 40 million voters. The attack occurred after the Commission failed a cybersecurity test and used outdated software. An investigation is underway to assess the consequences and improve cybersecurity.


The UK Electoral Commission recently admitted that it had failed an important cybersecurity test. During the same period, hackers managed to breach its systems, compromising the personal data of 40 million voters. According to a source within the Commission, the error was discovered during a Cyber Essentials audit, in which an automatic problem emerged. The breach, which occurred between August 2021 and October 2022, allowed attackers to gain unauthorized access to sensitive voter emails and databases. The perpetrators and the attack method have not yet been identified.

Cybersecurity deficiencies at the Electoral Commission

The UK Electoral Commission appears to have significant cybersecurity shortcomings, as highlighted by the failed Cyber Essentials test. Auditors identified several issues, including outdated software on approximately 200 staff laptops and the use of unsupported iPhones. These shortcomings potentially contributed to the breach, raising concerns about the Commission's cybersecurity preparedness. It should be noted that the government requires vendors that handle sensitive data to obtain Cyber Essentials certification.

Ongoing investigation into the cyber attack

The Electoral Commission's breach has drawn the attention of the UK's Information Commissioner's Office (ICO), which is currently conducting an investigation to assess the data security and privacy implications. Although the Commission initially downplayed the extent of the attack, saying the data was "largely in the public domain", the data of millions of individuals who had opted not to be included in public records was compromised. According to Andrew Rose, resident CISO at Proofpoint, the fact that unauthorized access to election systems lasted several months indicates that the attackers were seeking something other than simple financial gain, which is the most common motive behind such attacks.

Improved IT security measures

The Electoral Commission, despite not reapplying for Cyber Essentials certification in 2022, said it is committed to working with the National Cyber Security Centre (NCSC) to improve its cybersecurity measures. This breach is a stark warning to all organizations, public and private, to act quickly to strengthen their cyber defenses, making it more difficult for criminals to access their systems and preventing future attacks. Investigations into the cyber attack on the UK Electoral Commission are still ongoing.


09/05/2023 17:58

Editorial AI
