A vast amount of data about UK citizens has been stolen from the UK Electoral Commission in a data breach, but it has taken them some time to let the public know they lost control of it:
Public notification of cyber-attack on Electoral Commission systems
What data has been compromised?
Here is the data list from the Commission’s public statement:
Personal data affected by this incident:
- Personal data contained in the email system of the Commission:
- Name, first name and surname.
- Email addresses (personal and/or business).
- Home address if included in a webform or email.
- Contact telephone number (personal and/or business).
- Content of the webform and email that may contain personal data.
- Any personal images sent to the Commission.
- Personal data contained in Electoral Register entries:
- Name, first name and surname
- Home address in register entries
- Date on which a person achieves voting age that year.
Your takeaway on this…
A quick read of the statement shows that the Commission became aware that their systems and our data had been compromised back in October 2022.
No reason is given for the delay in making a public statement.
Every incident response plan and business continuity plan we have written includes a “come clean quick” section as a way of re-establishing confidence with all stakeholders holders after any issue.
Yours should too.
Clive Catton MSc (Cyber Security) – by-line and other articles