The Electoral Commission have informed the council on Tuesday 8 August 2023 of an incident which was identified in October 2022 after suspicious activity was detected on their systems and it became clear that hostile actors had first accessed their systems in August 2021.

The Commission have informed us that they have since worked with external security experts and the National Cyber Security Centre to investigate and secure its systems but do not know the identity of the hostile actors.

The registers held at the time of the cyber-attack include the name and address of anyone in the UK who was registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters. The registers did not include the details of anonymous voters.

Further Information about the cyber-attack can be found on the Electoral Commission website.

In line with requirements under the law, the Commission notified the Information Commissioner’s Office within 72 hours of identifying that data on its systems may have been accessed and has today published a formal notification.

Earlier today, the Commission issued a media statement and published an FAQ document to assist with any questions you, or your electors, may have.

Members of the public and electors can also contact the Commission directly by using their webform and selecting the title ‘Cyber-attack’ to get in touch. If you have concerns about data you may have shared with the Commission, please contact their data protection team in the first instance.

Please note that the London Borough of Bromley cannot provide any information relating to this incident as part of a Freedom of Information Request or Subject Access request.

Any such requests should be directed to the Commission’s data protection team.