UK Blames China for Massive Breach of Voter Data

The U.K. government has blamed China for a 2021 cyberattack that compromised the personal information of millions of U.K. voters. From a report: In a statement to lawmakers in Parliament on Monday, U.K. deputy prime minister Oliver Dowden attributed the 2021 data breach at the Electoral Commission to hackers working for the Chinese government. Dowden told lawmakers that the U.K. government "will not hesitate to take swift and robust actions wherever the Chinese government threatens the United Kingdom's interests."

It's the first time the United Kingdom has attributed the breach since the cyberattack was first disclosed in 2023. The Electoral Commission, which maintains copies of the U.K. register of citizens eligible to vote, said at the time hackers took the names and addresses of an estimated 40 million U.K. citizens, including those who were registered to vote between 2014 and 2022 and overseas voters. The data breach began as early as 2021 but wasn't detected until a year later. In a statement Monday, the U.K. National Cyber Security Centre (NCSC) said it is "highly likely" that the Chinese hackers accessed and exfiltrated emails and data from the electoral register during the hack.

it's not just Cambridge Analytica

[RMH101]

...I'd imagine most nation states are using microtargeting on social media to drive their own agenda. The UK had a Russian-backed Brexit campaign and isolating countries like the UK suits many other nations too...

Re:

[Budenny]

"The UK had a Russian-backed Brexit campaign"

Evidence for that?

Re:

[Eunomion]

1. Looks like shit.

2. Smells like shit.

3. Tastes like shit.

4. There's a ruptured sewer line next door.

5. Your neighbors explicitly say "Beware of shit" over and over for half a decade.

Pretty good evidence it's shit.

Russian interference [Re:it's not just Cambrid...]

[XXongo]

"The UK had a Russian-backed Brexit campaign"

Evidence for that?

Discussed, with evidence compiled, many places. Probably Wikipedia is the best first place to go: https://en.wikipedia.org/wiki/... [wikipedia.org]

Long British report on this, which is discussed in several news articles:
https://www.wired.com/story/br... [wired.com]
https://www.csis.org/blogs/bre... [csis.org]
https://foreignpolicy.com/2020... [foreignpolicy.com]
https://www.politico.eu/articl... [politico.eu]

Errrm!

[XMKT]

Shouldn't the UK blame the UK for allowing somebody to access the data.

If memory serves, that's what everyone else has to do...

Re:

[zlives]

no, there is no defense against hacking by china or russia or whatever outsiders.
this is why the government needs back doors so they can safely extract, err i mean protect everyone.

Re:

[Budenny]

"....the ludicrous and thoroughly discredited theory that "Russian agents" distributed "Novichok" in a bungled assassination attempt in England...."

Out in force today!

Re: Errrm!

[Malc]

You might have had more success with your comment if you hadn't tried to deny a Russian terrorist attack.

Re:

[Gibgezr]

Ivan can't help himself.

Re:

[Archtech]

1. The UK government failed to protect confidential personal data.

2. Naturally, its apologists blame China. Why not? Everyone is supposed to hate China - almost as much as they are supposed to hate Russia, Iran, Venezuela, Syria... and nothing the Chinese say will be believed. In any case they will not stoop to deny such absurd allegations.

Bottom line: the UK government failed to protect confidential personal data. All the talk in the world about "hackers" cannot change the fact that a competently administe

Re:

[sabbede]

"a competently administered and protected IT system cannot be penetrated"

Insert peals of laughter here.

No safe is uncrackable, no lock unbreakable.

Re:

[XXongo]

Might have been satire. Hard to tell.

Re:

[Archtech]

I simply cannot tell whether the parent is serious or satirical.

Re:

[Opportunist]

Poe's Law is strong in this one, indeed.

Obviously, the UK is also to blame

[gweihir]

For criminally bad IT security. No, that is not victim-blaming. These people are _perpetrators_.

Re:

[XXongo]

For criminally bad IT security. No, that is not victim-blaming. These people are _perpetrators_.

Both. The UK was a victim, and also was to blame for bad security.

Why are voter details held centrally at all?

[clive_p]

I don't understand why the voter details were held centrally at all. Voter registration in the UK is with a council official called a Returning Officer, and the data only need ot be stored locally. If not held centrally it would have been much harder for it to get hacked.

Re: Why are voter details held centrally at all?

[Malc]

Maybe it would be easier to hack parts of it given the budget councils are working with and their typical IT incompetence.

Do have a proposal who the local returning officers should check that nobody is illegally registered in another locality?

Its not at all clear how serious this is

[Budenny]

All they seem to have got is the UK Open Register, which is available to anyone who wants to buy it. You can opt out of this.

There is also the Full Register, which is not available to buy, and can only be used for electoral purposes. For instance a candidate wishes to do a mail shot. You cannot opt out of this.

But you can register to vote anonymously, if for safety reasons (for instance) your name should not appear on either register. In this case it will not.

They seem only to have got the Open Register, so its not clear why this is very serious. Maybe the intention revealed in the hacking is an indicator of something bad? Or maybe they got something more than the Open Register, but short of the Full Register?

https://www.gov.uk/electoral-r... [www.gov.uk]