The UK election watchdog said Tuesday that it has been the victim of a "complex cyber-attack" which potentially affected personal data of millions of voters.
In a statement, the Electoral Commission noted that the incident was identified in October last year after "suspicious activity" was detected on its systems and later it was understood that "hostile actors" had first accessed the systems in August 2021.
"During the cyber-attack, the perpetrators had access to the Commission's servers which held our email, our control systems, and copies of the electoral registers," it said in the statement.
The election watchdog underlined that hackers accessed reference copies of the electoral registers, held by the commission for research purposes and to enable permissibility checks on political donations.
"The registers held at the time of the cyber-attack include the name and address of anyone in the UK who registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters."
The commission's email system was also accessible during the "complex cyber-attack," said the statement.
The information affected by the incident does not pose a high risk to individuals, it said, stating that they released this notification due to the "high volume of personal data potentially viewed or removed" during the cyberattack.
"The attack has not had an impact on the electoral process, has not affected the rights or access to the democratic process of any individual, nor has it affected anyone's electoral registration status," it added.
Apologizing to those affected by the breach, Electoral Commission said they have worked with security specialists to investigate the cyberattack.
