We have been made aware that the Electoral Commission has been subject to a complex cyber attack.

Whilst our own systems were not the subject of the attack, it is always concerning when organisations we work with are compromised. We are required by law to provide our electoral register to the Electoral Commission each year. The personal data accessible during the attack includes the names and addresses of anyone registered to vote between 2014 and 2022. The details of anonymous voters were not accessed, as this data is not held. Information sent to the Electoral Commission via their ‘contact us’ form was also accessible.

We appreciate that data breaches of this kind can be concerning. In a statement on their website, the Electoral Commission regrets that sufficient protections were not in place to prevent the cyber attack and has apologised to those affected. The incident is being investigated by the National Cyber Security Centre (NCSC), and additional security measures have been put in place to prevent similar attacks in the future. We will continue to monitor the situation.

For more information about the incident, the Electoral Commission has published a public notification on their website along with FAQs. Please direct all queries to the Commission using their webform.