The statement by the election commission:<p><a href="https://www.electoralcommission.org.uk/privacy-policy/public-notification-cyber-attack-electoral-commission-systems" rel="nofollow noreferrer">https://www.electoralcommission.org.uk/privacy-policy/public...</a><p>"The incident was identified in October 2022 after suspicious activity was detected on our systems. It became clear that hostile actors had first accessed the systems in August 2021.<p>During the cyber-attack, the perpetrators had access to the Commission’s servers which held our email, our control systems, and copies of the electoral registers.<p>They were able to access reference copies of the electoral registers, held by the Commission for research purposes and to enable permissibility checks on political donations. The registers held at the time of the cyber-attack include the name and address of anyone in the UK who registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters. The registers did not include the details of those registered anonymously. The Commission’s email system was also accessible during the attack."<p>This affects about 40 million register entries.