Thursday, July 3, 2025

Failure to implement basic security measures led to the hacking of data from the Electoral Commission, impacting 40 million individuals.

The Information Commissioner’s Office (ICO) has reprimanded the Electoral Commission for security errors that allowed hackers tied to the Chinese state to access servers containing the personal information of 40 million people.

The hackers breached the Electoral Commission’s Microsoft Exchange Server by exploiting known vulnerabilities that were left unpatched. This cyber attack, which went undetected for a year, compromised personal details from the electoral register, including names and addresses of voters from 2014 to 2022 and information from overseas voters.

Former Conservative deputy prime minister Oliver Dowden revealed in March 2024 that Chinese state-linked hacking groups were likely responsible for the breach. In a separate incident, Chinese hackers targeted the email accounts of 40 UK parliamentarians who criticized China.

The ICO report criticized the Electoral Commission for failing to patch security vulnerabilities and implement strong password policies. If the Commission had taken basic security precautions, such as prompt patching and password management, the breach could have been prevented.

The hackers exploited the ProxyShell vulnerability chain to access the unpatched Exchange Server. The Electoral Commission's inadequate password management also contributed to the breach, with many users relying on easily crackable or similar passwords provided by the service desk.

Although the breach affected a significant number of people, the ICO found no evidence of personal data misuse or of direct harm. The Electoral Commission has since implemented remedial measures, including a technology modernization plan, monitoring services, improved password policies, and multi-factor authentication for users. Third-party security experts have reviewed and approved these measures.