The Information Commissioner’s Office (ICO) has reprimanded the UK Electoral Commission after a cyberattack exposed the personal information of approximately 40 million voters. The breach, which occurred in 2021, has been linked to Chinese hackers. The ICO criticized the Electoral Commission for failing to take basic steps to protect voter data, highlighting significant lapses in online security and cyber security failings. The attack exploited vulnerabilities in the Exchange server, including issues related to ProxyShell and passwords.