The Electoral Commission has revealed it was subject to a prolonged cyber-attack by “hostile actors”.
The hack was identified in October 2022, but computer systems had first been infiltrated in August 2021.
The Commission said personal data including names, home addresses and email addresses, as well as other personal data, were accessible during the attack.
“We do not know who is responsible for the attack. We reported the incident to the National Cyber Security Centre (NCSC),” the elections watchdog said in a statement on Tuesday.
“No groups or individuals have claimed responsibility for the attack.”
It added: “We regret that sufficient protections were not in place to prevent this cyber-attack and apologise to those affected.
The Electoral Commission is the independent body which oversees elections and regulates political finance in the UK.
Shaun McNally, the commission’s chief executive, said it showed the need to remain “vigilant” about threats to the democratic process.
“The UK’s democratic process is significantly dispersed and key aspects of it remain based on paper documentation and counting,” he said.
“This means it would be very hard to use a cyber-attack to influence the process.
She added: “Nevertheless, the successful attack on the Electoral Commission highlights that organisations involved in elections remain a target, and need to remain vigilant to the risks to processes around our elections.”