Russia blamed for cyberattack that exposed UK voters’ data

Electoral Commission has not formally identified ‘hostile actors’ behind massive breach but experts say Russians ‘top suspect list’

UK voter polling station
Attack on Britain’s electoral register exposed the data of up to 40 million British voters
(Image credit: Ian Forsyth/Getty Images)

UK intelligence services have reportedly “found evidence” linking Russia to a cyberattack that exposed the data of up to 40 million voters.

According to The Telegraph, the 2021 attack on the Electoral Commission, which was revealed on Tuesday, is believed to be an attempt by Russians to “undermine democracy”. But following a ten-month inquiry, “there is no evidence at this stage of links to the Kremlin”, The Times reported.

Former GCHQ director David Omand and former MI6 chief Richard Dearlove told BBC Radio 4’s “Today” programme that Russia would be “top” of their “suspects list”, given the country’s previous involvement in cyberhacking attacks on Western nations. The Internet Research Agency, a “troll farm” founded by Yevgeny Prigozhin, head of Russia’s Wagner mercenary group, has previously been accused of meddling in elections “on the Kremlin’s behalf”, The Times noted.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.


Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

The data leak took place in August 2021 but was not detected until October 2022, reportedly after signs of ransomware were found. The Electoral Commission this week apologised for the breach and said that cybersecurity chiefs from GCHQ had been called in to investigate and secure its systems. Investigators did not “know conclusively what files may or may not have been accessed”, the commission admitted, but “much of the data” was already “in the public domain”.

The watchdog did not formally identify the “hostile actors” behind the “complex cyberattack”, however.

The attack represents the “biggest data breach in UK history”, said the Daily Mail. The “criminals” gained access to electoral registers that listed the names and addresses of anyone in the UK signed up to vote between 2014 and 2022, as well as registered overseas voters.

How the hack on “the UK’s most important election body” went undetected for more than a year “remains unclear”, said The Telegraph, and raises “major questions about security”.

Continue reading for free

We hope you're enjoying The Week's refreshingly open-minded journalism.

Subscribed to The Week? Register your account with the same email as your subscription.

Richard Windsor is a freelance writer for The Week Digital. He began his journalism career writing about politics and sport while studying at the University of Southampton. He then worked across various football publications before specialising in cycling for almost nine years, covering major races including the Tour de France and interviewing some of the sport’s top riders. He led Cycling Weekly’s digital platforms as editor for seven of those years, helping to transform the publication into the UK’s largest cycling website. He now works as a freelance writer, editor and consultant.