Russia blamed for cyberattack that exposed UK voters’ data

UK intelligence services have reportedly “found evidence” linking Russia to a cyberattack that exposed the data of up to 40 million voters.

According to The Telegraph, the 2021 attack on the Electoral Commission, which was revealed on Tuesday, is believed to be an attempt by Russians to “undermine democracy”. But following a ten-month inquiry, “there is no evidence at this stage of links to the Kremlin”, The Times reported.

Former GCHQ director David Omand and former MI6 chief Richard Dearlove told BBC Radio 4’s “Today” programme that Russia would be “top” of their “suspects list”, given the country’s previous involvement in cyberhacking attacks on Western nations. The Internet Research Agency, a “troll farm” founded by Yevgeny Prigozhin, head of Russia’s Wagner mercenary group, has previously been accused of meddling in elections “on the Kremlin’s behalf”, The Times noted.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

The data leak took place in August 2021 but was not detected until October 2022, reportedly after signs of ransomware were found. The Electoral Commission this week apologised for the breach and said that cybersecurity chiefs from GCHQ had been called in to investigate and secure its systems. Investigators did not “know conclusively what files may or may not have been accessed”, the commission admitted, but “much of the data” was already “in the public domain”.

The watchdog did not formally identify the “hostile actors” behind the “complex cyberattack”, however.

The attack represents the “biggest data breach in UK history”, said the Daily Mail. The “criminals” gained access to electoral registers that listed the names and addresses of anyone in the UK signed up to vote between 2014 and 2022, as well as registered overseas voters.

How the hack on “the UK’s most important election body” went undetected for more than a year “remains unclear”, said The Telegraph, and raises “major questions about security”.