It's taken three years to recover from China hack, election watchdog says
48 minutes ago Share Save Joe Tidy Cyber correspondent, BBC World Service Share Save
Getty Images
The UK's elections watchdog says it's taken three years and at least a quarter of a million pounds to fully recover from a hack that saw the private details of 40m voters accessed by Chinese cyber spies. Last year, the Electoral Commission was publicly reprimanded for a litany of security failures that allowed hacking groups to spy undetected, after breaking into databases and email systems. In the first interview about the hack, the commission's new boss admits huge mistakes were made, but says the organisation is now secure. "The whole thing was an enormous shock and basically it's taken us quite a few years to recover from it," says chief executive Vijay Rangarajan.
"The culture here has changed significantly now partly as a result of this. It's a very painful way to learn." The Electoral Commission oversees elections and regulates political finance in the UK to ensure the integrity of the democratic process. Mr Rangarajan was not CEO when the hack happened but says that colleagues described the chaos of discovering the hackers as "feeling like you'd been burgled whilst still inside the house". The hackers first breach was in August 2021, using a security flaw in a popular software programme called Microsoft Exchange. The digital hole was being exploited by suspected Chinese spies around the world and organisations were being warned to download a software patch to protect themselves. Despite months of warnings, the commission failed to do so. Hackers had access to the full open electoral register containing the names and addresses of all 40m UK voters. They could also read every email sent and received at the commission. The criminals weren't found until October 2022 during an password system upgrade.
The Electorial Commission's new Chief Executive Vijay Rangarajan spoke to the BBC about the hack
Cyber security failures