We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

UK Electoral Commission Hack Breached 40 Million Voters' Data

UK Electoral Commission Hack Breached 40 Million Voters' Data
Author Image Keira Waddell
Keira Waddell Published on 11th August 2023 Senior Writer

The UK Electoral Commission has disclosed a massive cybersecurity breach that exposed the personal data of an estimated 40 million UK voters. The breach, which began in August 2021, remained undetected until October 2022. The compromised data includes full names, email addresses, home addresses, phone numbers, personal images, and details from email or online forms.

The attack, characterized as “complex” by the Electoral Commission in a recent notice, allowed malicious actors to gain unauthorized access to the Commission’s servers, potentially compromising the personal details of individuals who registered to vote between 2014 and 2022. Particularly concerning is the fact that the breach also encompassed data from voters who had opted to keep their information off the open register.

While much of the accessed data was already publicly available, the breach raises concerns over the misuse of sensitive information. The hackers targeted servers containing copies of voter registration data, email correspondence, and control systems. The email server data is of particular concern, as it could expose sensitive personal information sent by voters in email text or attachments.

Data from the election register, including individuals' names, addresses, and other personal particulars, is considered lower risk. However, the Commission has acknowledged that cybercriminals could combine this information with other available data to infer behavior patterns or to identify and profile individuals.

Despite the severity of the breach, officials from the UK Electoral Commission have emphasized that certain core aspects of the UK’s democratic process remain secure. The reliance on paper documentation and manual vote counting makes it difficult for cyberattacks to significantly influence the electoral process.

The fact there was a 10-month delay in disclosing the breach has prompted questions about the Commission’s response strategy. The organization defended the delay, explaining that it was essential to halt the attack, assess the full extent of the incident, bolster cybersecurity defenses, and collaborate with relevant authorities, including the National Cyber Security Centre and the UK Information Commissioner’s Office.

While the Electoral Commission has stated that immediate action is unnecessary for those potentially affected, individuals registered to vote between 2014 and 2022 are urged to remain vigilant and monitor their personal information for signs of unauthorized use.

As the investigation into this breach unfolds, the focus remains on ensuring that future cyber incidents are met with enhanced preventive measures and timely disclosure to minimize potential risks to personal data and electoral processes.

About the Author

Keira is an experienced cybersecurity and tech writer dedicated to providing comprehensive insights on VPNs, online privacy, and internet censorship.