UK Attributes Massive Breach of Voter Data to China

The U.K. government has officially attributed a 2021 cyberattack on the Electoral Commission to hackers working for the Chinese government. Deputy Prime Minister Oliver Dowden made the announcement in Parliament, stating that the U.K. government “will not hesitate to take swift and robust actions wherever the Chinese government threatens the United Kingdom’s interests.”

The cyberattack on the Electoral Commission, which occurred in 2021 but was only detected a year later, compromised the personal information of millions of U.K. voters, including names and addresses. The U.K. National Cyber Security Centre (NCSC) stated that Chinese hackers likely accessed and exfiltrated emails and data from the electoral register during the breach, potentially for espionage purposes and to target dissidents and critics in the U.K.

Additionally, Dowden mentioned a separate attempted cyberattack by a China-backed hacking group on the email accounts of U.K. lawmakers in 2021. The NCSC attributed these attempted hacks to a group known as APT31, which has a history of targeting online accounts of foreign government officials.

While the Chinese Embassy in the U.K. denied the allegations, stating that China “does not encourage, support or condone attacks launched by hackers,” the NCSC emphasized the importance of calling out cyber actors that pose a threat to democratic institutions and values.

This attribution marks the first time the U.K. has publicly blamed China for the cyberattack on the Electoral Commission, highlighting growing concerns over state-sponsored cyber threats targeting democratic processes and institutions worldwide.