Electoral Commission: Data Breaches Debate

Full Debate: Read Full Debate
Department: Cabinet Office

Electoral Commission: Data Breaches

Baroness Smith of Basildon Excerpts
Monday 4th September 2023

(1 year, 2 months ago)

Lords Chamber
Read Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Baroness Neville-Rolfe Portrait Baroness Neville-Rolfe (Con)
- View Speech - Hansard - - - Excerpts

It is a matter for the Electoral Commission, which is independent of government and accountable to Parliament through the Speaker’s Committee on the Electoral Commission. Since it reported the incident to the NCSC, we have been working closely to provide expertise and support. The Electoral Commission has made a statement that the breach was limited and not a great deal of new information has gone into the public domain, and it has given advice on what citizens might do. On the cause, I am not sure I have anything to add to the general comment I made on operational matters.

Baroness Smith of Basildon Portrait Baroness Smith of Basildon (Lab)
- View Speech - Hansard - -

My Lords, if I am honest, the Minister’s answers are quite unsatisfactory and do not answer the question the noble Lord asked. She will recall consideration of the Elections Bill, during which many of us considered that the Government unnecessarily put in place measures to make it harder to vote. Now, it seems that the backdoor was open to hackers and perhaps more alarmingly, nobody noticed for 10 months. There are two issues about confidence here, the first of which is confidence in the integrity of the system, which the Government said they were interested in. Today, however, the Minister has not been able to give us any detail on what action is being taken to protect the electoral register. Secondly, how do we instil in the public confidence in continuing to register if their data can be hacked without anybody noticing for almost a year?

Baroness Neville-Rolfe Portrait Baroness Neville-Rolfe (Con)
- View Speech - Hansard - - - Excerpts

I may be able to help on that. An independent investigation into the attack revealed that the actors were able to access only reference copies of the closed electoral register and the commission’s email system. Those have information about electors including their names, addresses, electoral numbers and franchise markers. They do not contain more confidential information such as national insurance numbers, nationality data, age, or anonymous electors, so the extent of the breach was limited. However, I emphasise that the Electoral Commission is independent, and we have done our best to help it through our cybersecurity expertise in order to make sure that the hackers have been completely taken out of the system and there are no future risks. So, the public can feel reassured in that regard.