They Steal Our Democracy: New Electoral Data Breach Exposes 8 years of UK Voter Data

The UK Voters Data Breach

In an era dominated by digital advancements, the sanctity of democratic processes faces unforeseen threats. Recent revelations of electoral data breaches have ignited concerns over the vulnerability of voting systems. The journey towards safeguarding the essence of democracy takes a precarious turn as incidents akin to the one involving the UK Electoral Commission come to light.


The disclosure of a colossal data breach by the UK Electoral Commission has exposed the personal data of individuals who registered to vote in the United Kingdom between 2014 and 2022. This revelation, nearly a year in the making, raises significant questions about the delay in public reporting of the breach. The breach was initially detected in October 2022, but subsequent investigation revealed that threat actors had infiltrated the systems as early as August 2021.

The breach gave the attackers unauthorized access to crucial components of the Commission’s infrastructure, including email servers, control systems, and copies of electoral registers. The registers accessed were reference copies, which the Commission maintains for research and for verifying the permissibility of political donations. Notably, these registers contained the names and addresses of UK voters registered between 2014 and 2022, as well as overseas voters’ names.

However, it’s important to note that individuals who registered anonymously were not affected by this breach. The compromised voter data encompassed a range of personal information:

Personal data contained in the Commission’s email system:

  • Name, first name, and surname
  • Email addresses (personal and/or business)
  • Home address if included in webforms or emails
  • Contact telephone number (personal and/or business)
  • Content of webforms and emails containing personal data
  • Personal images sent to the Commission

Personal data contained in Electoral Register entries:

  • Name, first name, and surname
  • Home address in register entries
  • Date on which an individual achieves voting age that year

During the breach, threat actors also accessed the Commission’s email server, exposing internal and external communications involving the agency. Fortunately, the breach did not impact any elections or voter registrations, according to the Commission’s official statement. The agency downplays the incident, asserting that no voter registration details were tampered with and that a significant portion of the exposed data is already publicly accessible.

Nevertheless, the implications of the breach extend beyond immediate electoral processes. While voter names and addresses are publicly available in the UK open register, the leaked information, such as email addresses and phone numbers, can potentially facilitate targeted phishing campaigns and identity theft.

The Global Threat

Experts believe that the electoral data breaches point to a larger, systemic issue. As voting systems intertwine with digital ecosystems, nation-states and threat actors are drawn into a new battleground—one where information and disinformation can shape the course of nations.

Kaduu’s extensive research further revealed that the vulnerabilities in electoral systems go beyond data breaches. In 2022, a group of security researchers discovered glaring weaknesses in voting software used in the United States. The vulnerabilities exposed the potential for manipulation of votes, casting a shadow over the very essence of representative governance.

At Kaduu we believe that to secure the future of democracy, we must anticipate, adapt, and defend against threats that transcend physical borders. As democracy stands at the crossroads of technology and vulnerability, it falls upon nations, organizations, and cybersecurity experts to rise to the occasion. With every new breach, the shadows that assail democracy grow longer, but with the right strategies and collaborations, the light of transparency and security can prevail.
