Commenting on the conclusion of the Information Commissioner’s Office (ICO) investigation, an Electoral Commission spokesperson said:
“We regret that sufficient protections were not in place to prevent the cyber-attack on the Commission. As the ICO has noted and welcomed, since the attack we have made changes to our approach, systems, and processes to strengthen the security and resilience of our systems and will continue to invest in this area.
“Since the cyber-attack, security and data protection experts – including the ICO, National Cyber Security Centre and third-party specialists – have carefully examined the security measures we have put in place and these measures command their confidence.
“We will continue to ensure our cyber security keeps pace with emerging threats, and remain vigilant to the risks facing our electoral processes and institutions. We will continue to work with the UK’s governments and the wider electoral community to safeguard the safety of the system.”
Background
The data accessed when this attack took place does not impact how people register, vote, or participate in democratic processes. It has no impact on the management of the electoral registers or on the running of elections.