ICO report on Electoral Commission breach
Sometimes I like to share these kinds of things as they’re good to learn lessons from. The ICO has released their report on the breach of the Electoral Commission.
The EC initially said this was a ‘complex cyber-attack’. I’d probably challenge that. Poor patching, poor password management, poor monitoring. Attackers just used the ‘ProxyShell’ vulnerability (wasn’t patched) to drop webshells which sat there for a year.
Sigh
Link to the report here.