The Electoral Commission
-
When searching by date, incorrect results may be produced due to errors with the dates of some documents added before 31 December 2024.
- Date 30 July 2024
- Type Reprimands
- Sector Central government
Reprimand issued to the Electoral Commission in respect of Articles 5(1)(f) and 32(1)(b). Between 24 August 2021 and 27 October 2022, a threat actor had access to the Electoral Commission’s systems and was able to access personal data held as part of the Electoral Register. This incident impacted approximately 40,000,000 individuals, and the initial access was gained via several unpatched software vulnerabilities. The investigation highlighted that appropriate technical and organisational measures were not in place at the time of the breach.