Information Commissioner's Office’s Post

It is important to remember that effective security practises is essential in all organisations to mitigate security risks.

Patch Management A robust password management Visibility within their infrastructure. Basic security in which this breach could have been avoided. If you run your own business, or you work for an organisation in which doesn't have the basic fundamentals in place for defence in cybersecurity. I would strongly suggest that you start having those conversations. #ico #cybersecurity #breach #patchmanagement #fundamentals

The Electoral Commision exposed the data of up to 40 million voters by not doing the cyber security basics with criminals in their systems for over a year! The incident response team at Aspire Technology Solutions are regularly contacted by organisations who have been - or suspect they are - in the midst of a cyber security incident. By far the most common method we see as the initial access for these is either phishing, weak/re-used credentials or exploiting unpatched vulnerabilities (or a mix of the three). The Electoral Commission is also reported to have repeatedly failed to achieve Cyber Essentials (which includes strict controls around MFA, patching and other good practices). How can we encourage organisations to get the basics right when their public sector role models - who hold massive amounts of data - aren't doing it either? https://lnkd.in/ezTjPAJR #infosec #cybersecurity #cyberessentials #electorialcommission

The Information Commissioners Office (ICO) has formally reprimanded The Electoral Commision as personal details of millions of UK voters were left "vulnerable to hackers"🫣 The hackers had access to this data for over a year between 2021 and 2022 but have since been kicked out. This comes as a result of passwords not being changed and software not being updated, an issue that the Electoral Commission claims to have since fixed🛠️ Read more: https://lnkd.in/g3dJYuxD #ico #cyberattack #cybernews #bbcnews #cybersecurity #CybersecurityRisk #cybersecurityexpert

In the last hours, the UK’s election watchdog, the Electoral Commission, has been reprimanded over online security lapses that allowed the personal information of 40 million voters to be hacked in August 2021 but was not identified until October 2022. The Information Commissioner’s Office (ICO) said the Electoral Commission had not kept its servers up to date with the latest security updates. Members of the ICO noted that if the Electoral Commission had taken basic steps to protect its systems, such as effective security patching and password management, it is highly likely that this data breach would not have happened. By not installing the latest security updates promptly, its systems were left exposed and vulnerable to hackers. Check more information here: https://lnkd.in/dsp544Sa This kind of news is a powerful reminder that data privacy and security is one of the facets of technology impacting individuals and communities around the world. At the Be Kind Tech Alliance, we aim to drive solutions to protect individuals' or organizations' data from unauthorized access, use, disclosure, or alteration. Check out our initiatives at https://lnkd.in/eHj8__aH #DataPrivacy #CyberSecurity #TechForGood #BeKindTechAlliance

Theft of 40million UK voter register in 2021/2022 continued to alarm the data protection industry. Why? Judging from the UK Information Commission Office (ICO) end Jul 2024 report, it looks like such a breach was entirely preventable as its investigations revealed that Electoral Commission failed to have: - appropriate security measures in place to protect the personal information it held; in particular, it did not ensure its servers were kept up to date with the latest security updates. - sufficient password policies in place at the time of the attack, with many accounts still using passwords identical or similar to the ones originally allocated by the service desk. But the ICO decision was merely a "slap on the wrist" as it only issued a reprimand to the Electoral Commission. Reason given? "while an unacceptably high number of people were impacted, we have no reason to believe any personal data was misused and we have found no evidence that any direct harm has been caused by this breach." hmmmm...... https://lnkd.in/gayBcNZc #ICO #dataprotection #cybersecuritymeasure #DP

Another reminder here to never ignore the basics! Make sure you keep your devices updated and always use strong, unique passwords. Let's not make it easy for those who are only too happy to exploit weaknesses in IT infrastructure! In need of expert support? Then speak to our team for advice. Reach out to Mike, or drop us a message. Or for more hints and tips, head to our blog: https://lnkd.in/eTeQBUG9 #cybersecurity #hack #ITsupport #ITprovider #MK #MiltonKeynes

This shows the importance of making sure you do software updates and have a robust password policy. #passwords #cybersecurity #ITupdates Poor security let hackers access 40 million voters' details https://lnkd.in/eZ8btHgc

Personal details of millions of UK voters were left "vulnerable to hackers" because passwords were not changed and software not updated, the UK's data privacy watchdog has found. The Electoral Commission, which oversees UK elections, has been formally reprimanded by the Information Commissioners Office (ICO) over the security lapse. Beginning in August 2021 cyber-attackers were able to access computers containing the Electoral Registers, which hold details of voters including millions of those not available publicly. The Electoral Commission said it regretted that sufficient protections were not in place to prevent the cyber-attack. "As the ICO has noted and welcomed, since the attack we have made changes to our approach, systems, and processes to strengthen the security and resilience of our systems and will continue to invest in this area," it said in a statement. The investigation did not find any evidence that personal data was misused, or that any direct harm has been caused by the attack. The ICO said hackers had access to the Electoral Commissions' systems for over a year. It was only spotted when an employee reported that spam emails were being sent from the commission's own email server. The hackers were eventually booted out in 2022. The UK government has formally accused China of being behind the attack on the commission, claims the Chinese embassy rejected as "malicious slander". #VoterDataBreach #CyberSecurityBreach #DataProtection #ElectionSecurity #PelionCyberSecurity #HackerAttack #DataPrivacy