Teaming up with... AVIVA

Welcome to the UKGI weekly regulation update service for Aviva ABC brokers

We hope you find the Updates useful. If you are interested in subscribing to our affordable ABC compliance support package, please email us at ABC@ukgigroup.com or call UKGI on our dedicated ABC contact line 01925 767893.

ICO reprimands the Electoral Commission after cyber attack compromises servers

Link(s): ICO reprimands the Electoral Commission after cyber attack compromises servers | ICO

Context

The ICO has issued a reprimand to the Electoral Commission after hackers gained access to servers that contained the personal information of approximately 40 million people.

Key points to note and next actions

In August 2021, hackers successfully accessed the Electoral Commission’s Microsoft Exchange Server by impersonating a user account and exploiting known software vulnerabilities in the system that had not been secured. The attackers had access to this information for over a year, including names and home addresses, accessing the servers on several occasions without the Electoral Commission’s knowledge.

The investigation found that the Electoral Commission did not have appropriate security measures in place to protect the personal information it held. In particular:

  • it did not ensure its servers were kept up to date with the latest security updates (the security patches for the vulnerabilities exploited in the cyber attack were released in April and May 2021, months before the attack); and
  • it did not have sufficient password policies in place at the time of the attack, with many accounts still using passwords identical or similar to the ones originally allocated by the service desk.

Firms should ensure their systems and information are kept secure by promptly updating their software with any security patches that are released and by reviewing their system access policies and controls.