Electoral Commission failed basic security test before hack

According to a spokeswoman, the Commission failed the basic test.

The election watchdog announced in August that hackers gained access to sensitive data in August 2021 and were discovered and removed in October 2022.

It is believed that unnamed attackers accessed Electoral Commission email correspondence and may have viewed databases with the names and addresses of 40 million registered voters, including millions not listed in public registers.

There is no information yet about who carried out the intrusion or how the commission was breached.

The whistleblower now confirms that, in the same month hackers broke into the organisation, cyber-security auditors told the Commission that it wasn’t compliant with the Cyber Essentials scheme, a government-backed initiative designed to help organisations meet minimum cyber-security standards.

Organisations use Cyber Essentials as a voluntary program to demonstrate security awareness to customers.

The Cyber Essentials certificate must be held by all suppliers bidding for contracts handling sensitive and personal information.

Several areas of the Commission’s certification application failed in 2021.

A spokeswoman for the Commission admits the errors, but says they are unrelated to the cyberattack that affected email servers.