Yesterday the UK's election regulator, the Electoral Commission, announced that it was hacked in 2021. The breach took more than a year to find, and 10 more months for the public to be told. Here are the five key takeaways you need to know.
1. Who's responsible?
So far, we don't know. Attribution is notoriously difficult in cybercrime, and all the Commission says is that "hostile actors" accessed its systems in August 2021.
The length of time between the breach taking place and being discovered will have made attribution a bit more difficult. That said, the "external security experts" the Commission is working with should still be able to make some educated guesses, using information like attack paths, payloads and motives - especially considering how long they've had to analyse the incident.
The fact that the attackers remain unidentified is a concern. Interference in democratic systems by hostile states carries significant implications, and there is a strong argument for this being discussed openly and transparently.
We also don't know how the attackers got in. Commission Chair John Pullinger told the BBC that the "very sophisticated" attack involved using "software to try and get in and evade our systems," but this leaves many unanswered questions.