The UK's Electoral Commission has revealed that some personal information of around 40 million voters was left exposed for over a year. The agency — which regulates party and election finance and elections in the country — said it was the target of a “complex cyberattack.” It first detected suspicious activity on its network in October 2022, but said the intruders first gained access to its systems in August 2021.
The perpetrators found a way onto to the Electoral Commission's servers, which hosted the agency's email and control systems, as well as copies of the electoral registers. Details of donations and loans to registered political parties and non-party campaigners were not affected as those are stored on a separate system. The agency doesn't hold the details of anonymous voters or the addresses of overseas electors registered outside of the UK.