Russians blamed for shock cyber attack hitting millions of UK voters

Sign up for the View from Westminster email for expert analysis straight to your inbox

Get our free View from Westminster email

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

Russia is suspected of being behind the cyber attack on the Electoral Commission which left the data of 40 million UK voters exposed, sparking fears of an attempt to “interfere” with British democracy.

The elections watchdog apologised after revealing that it first detected the “complex” hack in October 2022. But the breach had happened more than a year before, in August 2021.

Britain’s intelligence services have detected evidence linking the attack to Russians, according to The Times and The Telegraph, after the commission asked GCHQ to investigate the breach.

Former GCHQ director Sir David Omand told BBC Radio 4’s PM that Moscow would be “first on my list of suspects”, while Sir Richard Dearlove, the former head of MI6, said Russia “would be at the top of the suspects list by a mile”.

Mr Omand said: “Russians – and I point to them in particular – have been interfering with democratic elections for some years now. Think of the 2016 US election, and then the French election, and then the German election, even our own 2019 election.”

Signs of ransomware – software designed to block an organization accessing its own files – were reportedly found. It has sparked concerns that the watchdog could have been blocked from accessing its own voter lists.

The hack, publicly confirmed on Tuesday, allowed the cyberattackers to access reference copies of electoral registers containing names and addresses of everyone registered to vote between 2014 and 2022.

The Electoral Commission apologised and insisted that there was little risk of “hostile actors” influencing the outcome of a vote.

But the commission’s chief executive Shaun McNally admitted that his organisation did not know yet exactly which files had been accessed.

“We know which systems were accessible to the hostile actors, but are not able to know conclusively what files may or may not have been accessed,” he said.

“While the data contained in the electoral registers is limited, and much of it is already in the public domain, we understand the concern that may have been caused by the registers potentially being accessed and apologise to those affected.”

The watchdog chief said measures had been taken to improve security on the commission’s IT systems – playing down the risk of election interference because of paper-based voting.

“It would be very hard to use a cyberattack to influence the process,” said Mr McNally.

The hackers were able to access reference copies of the electoral registers, held by the commission for research purposes and to enable permissibility checks on political donations.

The registers held at the time of the cyberattack include the name and address of anyone in the UK who was registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters.

The exposed files included those who opted to keep their details off the open register, but can still be credit agencies and other. But they did not include the details of those who have registered completely anonymously.

Senior Labour MP Chris Bryant, responding to criticism online that it took almost one year for the commission to reveal the hack, said it raised fresh questions about the intelligence and security committee’s report into Russia influence.

“Why did the government refuse to publish the unexpurgated Russia Report?” the standards committee chair tweeted.

The Information Commissioner’s Office (ICO) has launched an investigation “as a matter of urgency”, saying voters would be alarmed by the news.

Labour’s deputy leader Angela Rayner said: “This deeply concerning attack serves as a reminder of the critical importance of Britain’s resilience to cyber-attacks. This serious incident must be fully and thoroughly investigated so lessons can be learned.”