The attackers accessed copies of the electoral roll including the names and addresses of anyone registered to vote in the UK between 2014 and 2022, including the names of those of us registered to vote overseas. They also attacked the Commission’s email system, which doesn’t affect me directly but is possibly the more worrying part of this attack.
Annoyingly, the Commission was compromised in October 2021 but didn’t detect it until August 2022. They’re only now, in August 2023, making the public aware. This is poor on their part… they should have detected the attack sooner and they should have disclosed it quicker.
Personally I don’t think the data held on the electoral roll is enough to allow someone to commit ID fraud, so I’m not too worried. But it’s frustrating nonetheless.
Some information such as name and address is in the public domain but it is possible to opt out of the “public” roll so I guess anyone who did that can assume that their data has been compromised more than they wanted.
However the full roll data includes date of birth, which is harder to link to a name and address and an absolute goldmine for ID thieves.
Yet another coincidence this morning, I have just been pressed, rush rush, to fill in a simple form that could have been left with me for a day, to confirm all the info on the UK electoral register.
Everything the government uses is provided by the lowest bidding contractor unless the contract magically goes to the Minister for X’s friend’s/cousin’s company which usually results in a worse product being rolled out.