A report from the Information Commissioner's Office (ICO) has revealed that the UK Electoral Commission was hacked, exposing the personal details of 40 million voters, primarily due to basic security oversights such as failing to change default passwords and not updating software. The cyberattack, attributed to Chinese state-linked hackers, began in August 2021 but was not detected until October 2022. The ICO criticized the Electoral Commission for inadequate password management and a lack of timely security updates, which allowed the attackers to exploit known vulnerabilities in its systems. Although personal data was accessed, there is no evidence that it was misused, and the commission has since implemented measures to enhance its security. The UK government has formally accused China of orchestrating the attack, a claim that has been denied by the Chinese embassy. The incident underscores the urgent need for improved cybersecurity practices within government institutions.