On Monday 25th March the UK government called out several China state actors for carrying out cyber attacks aimed at destabilising our democratic institutions. This is not the first time such claims have been levelled against such regimes nor will it be the last

The attack, which compromised the personal data of around 40 million voters, marks the first time China has been directly implicated since the breach came to light.

The breach, revealed by the Electoral Commission in August of last year, was first identified in October 2022 but it was confirmed hostile actors first gained unauthorised access to the organisation’s systems as early as August 2021.

The National Cyber Security Centre – a part of the UK Security Services announced

In response to the attack the NCSC has updated its guidance on Defending Democracy.

Will it affect me or my business?

Whilst the original purpose of the attack was focused on parliamentarians and election interference, as often happens there will be unintended victims whose data has been compromised as well.

Muhammad Yahya Patel, lead security engineer at Check Point Software, said that with access to the data held by the Electoral Commission,

He added

With around 40 million voter records vulnerable during the breach, around 60 per cent of the UK population could be at risk as a result.

So now is a great time to review your online security.

What should I do now?

Go to the website haveibeenpwned.com and see whether your e-mail and passwords are already compromised or online – through this breach or any other. The website is free and is used by law enforcement globally to demonstrate to people that their details might already be available to be used by online criminals. To protect your accounts from being compromised we also recommend that everyone uses two-factor authentication avoid using the same passwords across multiple accounts to ensure they are protected.

And you might use this opportunity to sign up as a free member of the Eastern Cyber Resilience Centre – a police led business focused organisation that gives you access to free support tools and guidance that is sector-specific on our website, as well as up to date information about any relevant cybercrime threats.

We also offer affordable student services that can help you protect and prepare for ransomware without breaking the bank. This includes Security Awareness Training, First Step Web Assessments and Remote Vulnerability Assessments, amongst others.

If you would like to know more about what we can do for you at the ECRC, why not book a free chat with us today?

Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress) please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day 7 days a week.

Reporting a cyber-attack which is not ongoing

Please report online to Action Fraud, the UK’s national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.

Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050)