Source: heimdalsecurity.com – Author: Livia Gyongyoși
The UK Electoral Commission revealed a cyberattack that exposed the personal data of all registered voters between 2014 and 2022.
The attack took place in August 2021, but the Commission only discovered the breach in October 2022. Threat actors had access to the Commission’s servers, including the email system, control systems, and copies of the electoral registers.
Exposed Data and Further Risk
The attack did not affect the act of voting or the electoral process. According to the UK Electoral Commission, which issued a public notification, the impacted data do not put voters at risk. However, security specialists claim that hackers had access to enough data to use it for phishing campaigns and identity theft.
The exposed data in the email system and the Electoral Register entries contained:
- Name, first name, and surname
- Email addresses
- Phone number
- Content of the webform and email that may contain personal data.
- Any personal images sent by the user.
- Date on which a person achieves voting age that year.
UK voters and not only should be aware they could be targets for phishing emails. Hackers might try to get more sensitive information, like passwords and account numbers. If you receive a suspicious email that tries to rise an urgency feeling, always check its authenticity.
Best Practices to Prevent Data Breaches
There is no organization type that hackers would hold back from attacking. According to Heimdal`s Annual Threat Report for 2023, Government, Health, and Transportation are 16.3% more likely to be targeted compared to other industries.
In order to prevent data breaches on a company`s or organization`s system, follow these 6 security best practices:
Apply patches and update software in time.
Use an automated patch management solution to save time and resources and bolster your security posture.
Enforce end-to-end encryption
E2EE helps you keep data safe while you transfer it between two parties. End-to-end encryption prevents hackers or other third parties to decode the communication between the sender and the receiver.
Enforce strong BYOD policies
Take appropriate measures to prevent human error effects. A BYOD policy makes it clear who and in what conditions can connect a personal device to an organization`s network.
Use strong passwords and multi-factor authentication
Using multi-factor authentication is a strong signal that a company really cares about safeguarding its users` data. Further on, requiring strong password usage is an important step. I strongly advise users never to have the same or a similar password for all logins.
Regularly educate employees
The Verizon Data Breach Investigation Report for 2023 claims that 74% of all breaches included the human element. Raise awareness and strengthen security measures among your colleagues so they will not be an easy target to threat actors. Teach them how to identify a phishing email, for example.
DNS monitoring and filtering
In an increasingly digitalized world, online presence and communication are critical. We conduct most of our daily activities by using the DNS. Carefully monitoring the flux of queries that go in and out through an organization`s network can reveal malicious intents. DNS filtering solutions identify and block on the spot any inbound or outbound malicious communication. This means no access to internal data for hackers and no way to exfiltrate them either.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.
If you liked this post, you will enjoy our newsletter.
Get cybersecurity updates you’ll actually want to read directly in your inbox.
Original Post URL: https://heimdalsecurity.com/blog/uk-electoral-commission-data-breach/
Category & Tags: Cybersecurity News – Cybersecurity News
