Trending News:Case study: Aspen completes complex £2.8m portfolio bridge for foreign nationalCase study: UTB completes £4m commercial bridge on a multi-let industrial unit in BrentfordCase study: Arc & Co. completes £26m bridge on property in KnightsbridgeCase study: HTB completes £7m bridge for multi-unit portfolio acquisitionCase study: Shawbrook completes bespoke £29.6m deal on residential project in MediaCityCase study: Inspired Lending completes £400k facility for commercial refurbishment project in DevonCase study: BML completes £20m BTL funding on prime central London property portfolioCase study: Paragon completes £32m funding on PBSA development in CambridgeCase study: Aspen goes the extra mile(s) to complete five-day bridge in WokinghamCase study: Alternative Bridging completes £1.2m loan on semi-commercial property in South LondonCase study: HTB partner with Enness Global to complete £11.5m refinance for converted office building in West LondonCase study: Arc & Co. secures £10m development loan for residential scheme in DerbyshireLHV Bank completes £7m commercial loan for Manchester city centre officeCase study: HTB beats Christmas deadline to complete £3.3m development exit facilityCase study: Investec completes £11.5m development loan for super-prime residential Wentworth Estate propertyCase study: Inspired Lending completes £1.07m facility for MUFB purchase and refurbishment in CornwallCase study: Mera completes £11m bridging facility on residential property in Holland ParkCase study: Arc & Co. completes complex €11.1m French bridging dealCase study: Paragon completes £3.3m finance package for housing development in YorkCase study: UTB and Iron Bridge Finance team up to fund £10m South London developmentASG Finance completes £1.7M bespoke commercial bridge for 18th-century River Thames propertyAtom bank completes £6.25m commercial refinance for central London hotel chainHTB completes £3.93m development finance loan for commercial project in DarlingtonWhile funding remains a key topic, the retrofit conversation has evolvedRetrofit in 2025: from “How are we going to do this?” to “How can we make it business as usual?”Green belts & new infrastructure: predictions for homebuilding in 2025Case study: Sirius Finance completes £8m revolving credit facility on commercial portfolioCase study: Arc & Co. completes £3.85m funding package for a pre-existing site in ActonCase study: STB completes £10.5m loan to fund large HMO portfolioCase study: Hampshire Trust Bank & specialist broker complete £16.8m BTL funding for Midlands portfolioCase study: Avamore Capital completes £1.1m development loan for Gloucestershire housing projectCase study: Aspen completes £1.14m no valuation bridge on 10-bed ‘party house’ in North DevonCase study: Norton Broker Services completes £342,000 re-bridge loan for joint renovation projectCase study: STB completes £2.3m refinance loan on 8 premium student homes in LiverpoolCase study: StreamBank completes £225K bridging loan in just 15 working daysCase study: LHV Bank completes £7.4m refinancing for Essex shopping paradeCase study: Aspen saves residential project in six weeks with £1.4M loanCase study: Avamore Capital completes £3.6m development loan for nine flats in SuttonCase study: HTB completes £10.92m funding for Stoke-on-Trent PBSA developmentCase study: Hilco provides £21.3m development exit loan to family-owned London property developerCase study: BLEND provides £2.7m senior debt facility for new build housing development in West SussexCase study: HTB completes £12.8m bespoke refinance package on 65 rental units in BournemouthCase study: Cumberland BS partners with Enness Global on £1.1m high-end holiday let projectCase study: Arc & Co. and Quantum team up to complete £4.7m development loan for Cambridgeshire housing projectCase study: Hampshire Trust Bank completes £7.24m loan for redevelopment in Elephant and CastleCase study: Hilco completes £17m bridge to release equity in luxury apartment and commercial developmentCase study: Secure Trust Bank completes £13.7m loan on BTR development in EdinburghCase study: Aspen completes £7.8m bridge for super-prime purchase in KensingtonCase study: HTB completes a trio of development loans totalling £19.7m in three daysCase study: InterBay completes £54.5m refinance deal on ESG accredited officesCase study: MSC completes £27.5m commercial refinance bridgeCase study: Karis Capital completes £4.7m refinance on 28 property BTL portfolioCase study: Hilco completes £6.7m bridge for North East property developerCase study: Shawbrook completes £2.9m development exit loan for holiday home project in AngleseyCase study: Shawbrook provides £23.8m development loan for co-living scheme in CardiffCase study: Inspired Lending completes £844k loan for mixed-use development in BristolCase study: Arc & Co. completes £4.7m development loan for award-nominated project in MacclesfieldCase study: SPF completes £26.8m development loan for YASA’s new headquartersCase study: Aspen completes £3m Bridge-to-Let in under one monthCase study: BLEND completes £3.4m funding for new build development in CornwallCase study: Norton Broker Services completes complex mid-conversion bridge for residential developmentCase study: HTB completes 43-property portfolio refinance in five daysCase study: TAB converts bridging loan into long-term mortgage for £1.8m office building in WakefieldCase study: Inspired Lending and Life Financial Solutions complete £934k loan for residential development in KentCase study: Hilco completes £5.3m bridge for Manchester property developerCase study: TML completes complex self-employed case with large loans dealCase study: Word On The Street completes £8m BTL portfolio refinanceCase study: RAW Capital Partners completes BTL mortgage in four-daysCase study: Mortimer Street Capital completes £1.4m care home purchase via dual bridging facilityCase study: Aspen completes £1.13m Development Exit loan in 14 daysCase study: Paragon provides £25m development funding for housing scheme in EssexCase study: Hilco completes £4.5m development exit loan against Wimborne residential propertiesCase study: Aspen completes £6.95m light-development loan for super-prime Kensington projectDetective reported journalist’s lawyers to regulator in ‘unlawful’ PSNI surveillance caseUnmasked: The Evil Corp cyber gangster who worked for LockBitHow to make the CMO your best friendBusinesses are getting some value from AI, but struggling to scaleOpen source is not a trust issue, it’s an innovation issueWellcome Sanger Institute revamps genome sequencing datacentre to cut energy usageAI advances in cancer careCase study: Secure Trust Bank completes £3.4m loan for luxury housing development in SurreyCyber teams say they can’t keep up with attack volumesThe cyber industry needs to accept it can’t eliminate riskHow to keep datacentres coolCase study: InterBay completes £42.5m refinance deal on large semi-commercial and buy to let portfolioCase study: Octopus completes £24m brownfield redevelopment loan for Wavensmere HomesUK on high alert over Iranian spear-phishing attacks, says NCSCCyber companies need a best practice approach to major incidents.Defaulting to open: Decoding the (very public) CrowdStrike eventPrinting vulnerability affecting Linux distros raises alarmCase study: HTB secures £9.5m loan in challenging £14m portfolio restructureRacist Network Rail Wi-Fi hack was work of malicious insiderUK government secures £10bn AI datacentre investment from US firmIslamophobic cyber attack downs Wi-Fi at UK transport hubsSemiconductor market scaleups to benefit from multimillion-pound investment from Innovate UKCase Study: Suros Capital saves overseas property purchase with asset-backed loanCase study: Assetz Capital funds 84 unit serviced apartment in BelfastCrowdStrike apologises to US government for global mega-outageGoogle Cloud files complaint with European Commission over Microsoft’s cloud licensing practicesNetApp E-series: Not part of the big message, but here to stay, says CEO
Trending News:Case study: Aspen completes complex £2.8m portfolio bridge for foreign nationalCase study: UTB completes £4m commercial bridge on a multi-let industrial unit in BrentfordCase study: Arc & Co. completes £26m bridge on property in KnightsbridgeCase study: HTB completes £7m bridge for multi-unit portfolio acquisitionCase study: Shawbrook completes bespoke £29.6m deal on residential project in MediaCityCase study: Inspired Lending completes £400k facility for commercial refurbishment project in DevonCase study: BML completes £20m BTL funding on prime central London property portfolioCase study: Paragon completes £32m funding on PBSA development in CambridgeCase study: Aspen goes the extra mile(s) to complete five-day bridge in WokinghamCase study: Alternative Bridging completes £1.2m loan on semi-commercial property in South LondonCase study: HTB partner with Enness Global to complete £11.5m refinance for converted office building in West LondonCase study: Arc & Co. secures £10m development loan for residential scheme in DerbyshireLHV Bank completes £7m commercial loan for Manchester city centre officeCase study: HTB beats Christmas deadline to complete £3.3m development exit facilityCase study: Investec completes £11.5m development loan for super-prime residential Wentworth Estate propertyCase study: Inspired Lending completes £1.07m facility for MUFB purchase and refurbishment in CornwallCase study: Mera completes £11m bridging facility on residential property in Holland ParkCase study: Arc & Co. completes complex €11.1m French bridging dealCase study: Paragon completes £3.3m finance package for housing development in YorkCase study: UTB and Iron Bridge Finance team up to fund £10m South London developmentASG Finance completes £1.7M bespoke commercial bridge for 18th-century River Thames propertyAtom bank completes £6.25m commercial refinance for central London hotel chainHTB completes £3.93m development finance loan for commercial project in DarlingtonWhile funding remains a key topic, the retrofit conversation has evolvedRetrofit in 2025: from “How are we going to do this?” to “How can we make it business as usual?”Green belts & new infrastructure: predictions for homebuilding in 2025Case study: Sirius Finance completes £8m revolving credit facility on commercial portfolioCase study: Arc & Co. completes £3.85m funding package for a pre-existing site in ActonCase study: STB completes £10.5m loan to fund large HMO portfolioCase study: Hampshire Trust Bank & specialist broker complete £16.8m BTL funding for Midlands portfolioCase study: Avamore Capital completes £1.1m development loan for Gloucestershire housing projectCase study: Aspen completes £1.14m no valuation bridge on 10-bed ‘party house’ in North DevonCase study: Norton Broker Services completes £342,000 re-bridge loan for joint renovation projectCase study: STB completes £2.3m refinance loan on 8 premium student homes in LiverpoolCase study: StreamBank completes £225K bridging loan in just 15 working daysCase study: LHV Bank completes £7.4m refinancing for Essex shopping paradeCase study: Aspen saves residential project in six weeks with £1.4M loanCase study: Avamore Capital completes £3.6m development loan for nine flats in SuttonCase study: HTB completes £10.92m funding for Stoke-on-Trent PBSA developmentCase study: Hilco provides £21.3m development exit loan to family-owned London property developerCase study: BLEND provides £2.7m senior debt facility for new build housing development in West SussexCase study: HTB completes £12.8m bespoke refinance package on 65 rental units in BournemouthCase study: Cumberland BS partners with Enness Global on £1.1m high-end holiday let projectCase study: Arc & Co. and Quantum team up to complete £4.7m development loan for Cambridgeshire housing projectCase study: Hampshire Trust Bank completes £7.24m loan for redevelopment in Elephant and CastleCase study: Hilco completes £17m bridge to release equity in luxury apartment and commercial developmentCase study: Secure Trust Bank completes £13.7m loan on BTR development in EdinburghCase study: Aspen completes £7.8m bridge for super-prime purchase in KensingtonCase study: HTB completes a trio of development loans totalling £19.7m in three daysCase study: InterBay completes £54.5m refinance deal on ESG accredited officesCase study: MSC completes £27.5m commercial refinance bridgeCase study: Karis Capital completes £4.7m refinance on 28 property BTL portfolioCase study: Hilco completes £6.7m bridge for North East property developerCase study: Shawbrook completes £2.9m development exit loan for holiday home project in AngleseyCase study: Shawbrook provides £23.8m development loan for co-living scheme in CardiffCase study: Inspired Lending completes £844k loan for mixed-use development in BristolCase study: Arc & Co. completes £4.7m development loan for award-nominated project in MacclesfieldCase study: SPF completes £26.8m development loan for YASA’s new headquartersCase study: Aspen completes £3m Bridge-to-Let in under one monthCase study: BLEND completes £3.4m funding for new build development in CornwallCase study: Norton Broker Services completes complex mid-conversion bridge for residential developmentCase study: HTB completes 43-property portfolio refinance in five daysCase study: TAB converts bridging loan into long-term mortgage for £1.8m office building in WakefieldCase study: Inspired Lending and Life Financial Solutions complete £934k loan for residential development in KentCase study: Hilco completes £5.3m bridge for Manchester property developerCase study: TML completes complex self-employed case with large loans dealCase study: Word On The Street completes £8m BTL portfolio refinanceCase study: RAW Capital Partners completes BTL mortgage in four-daysCase study: Mortimer Street Capital completes £1.4m care home purchase via dual bridging facilityCase study: Aspen completes £1.13m Development Exit loan in 14 daysCase study: Paragon provides £25m development funding for housing scheme in EssexCase study: Hilco completes £4.5m development exit loan against Wimborne residential propertiesCase study: Aspen completes £6.95m light-development loan for super-prime Kensington projectDetective reported journalist’s lawyers to regulator in ‘unlawful’ PSNI surveillance caseUnmasked: The Evil Corp cyber gangster who worked for LockBitHow to make the CMO your best friendBusinesses are getting some value from AI, but struggling to scaleOpen source is not a trust issue, it’s an innovation issueWellcome Sanger Institute revamps genome sequencing datacentre to cut energy usageAI advances in cancer careCase study: Secure Trust Bank completes £3.4m loan for luxury housing development in SurreyCyber teams say they can’t keep up with attack volumesThe cyber industry needs to accept it can’t eliminate riskHow to keep datacentres coolCase study: InterBay completes £42.5m refinance deal on large semi-commercial and buy to let portfolioCase study: Octopus completes £24m brownfield redevelopment loan for Wavensmere HomesUK on high alert over Iranian spear-phishing attacks, says NCSCCyber companies need a best practice approach to major incidents.Defaulting to open: Decoding the (very public) CrowdStrike eventPrinting vulnerability affecting Linux distros raises alarmCase study: HTB secures £9.5m loan in challenging £14m portfolio restructureRacist Network Rail Wi-Fi hack was work of malicious insiderUK government secures £10bn AI datacentre investment from US firmIslamophobic cyber attack downs Wi-Fi at UK transport hubsSemiconductor market scaleups to benefit from multimillion-pound investment from Innovate UKCase Study: Suros Capital saves overseas property purchase with asset-backed loanCase study: Assetz Capital funds 84 unit serviced apartment in BelfastCrowdStrike apologises to US government for global mega-outageGoogle Cloud files complaint with European Commission over Microsoft’s cloud licensing practicesNetApp E-series: Not part of the big message, but here to stay, says CEO
The Information Commissioner’s Office (ICO) has issued a reprimand to the Electoral Commission after basic security errors allowed hackers linked to the Chinese state to gain access to servers containing the personal information of 40 million people.
The attackers gained access to personal information stored on the electoral register, including the names and home addresses of everyone who had registered to vote between 2014 and 2022. They also had access to the personal data of people who had opted not to register their details on the open version of the electoral register and the names of registered overseas voters.
The then Conservative deputy prime minister, Oliver Dowden, told the Commons in March 2024 that Chinese state-linked hacking groups were “highly likely” to have been behind the attack.
A separate campaign by a Chinese state-sponsored hacking group targeted the email accounts of over 40 UK parliamentarians who had spoken out against China.
Known vulnerabilities
Investigations into the attack against the Electoral Commission revealed that at least two hacking groups had accessed an on-premise Microsoft Exchange Server used to manage email and related services.
The groups exploited known vulnerabilities in the Exchange Server, which remained unpatched for three to five months after Microsoft had released fixes to the problem. The ICO found that the Electoral Commission did not have an “appropriate patching regime” in place, hence the security vulnerabilities remained.
If the Electoral Commission had taken basic steps to protect its systems, it is highly likely that this data breach would not have happened Stephen Bonner, ICO
The Electoral Commission was also criticised for its failure to have adequate password policies in place at the time of the attack. Investigations revealed that many users were using passwords that were similar or identical to those originally allocated by the service desk.
The information commissioner, Stephen Bonner, said: “If the Electoral Commission had taken basic steps to protect its systems, such as effective security patching and password management, it is highly likely that this data breach would not have happened. By not installing the latest security updates promptly, its systems were left exposed and vulnerable to hackers.”
Patching failures
According to the ICO report, hackers were able to access the unpatched Microsoft Exchange Server in August 2021 by exploiting a vulnerability known as the ProxyShell vulnerability chain.
The vulnerability, previously identified as a critical issue by Microsoft, was regarded as an easy vulnerability for hackers to exploit and was well known in the hacking community, having been discussed by researchers at the Black Hat hacking conference in 2021.
A report commissioned by the Electoral Commission later identified a further eight vulnerabilities on the organisation’s Microsoft Exchange Servers that could have been exploited by hackers.
“This failing is a basic measure that we would expect to see implemented in any organisation processing personal data,” the ICO said in a formal reprimand.
Guessable passwords
The ICO found that the Electoral Commission did not have a dedicated password management policy in place and that the only password guidance was “do not reveal or write down passwords”.
Security investigators discovered that passwords set up by the Electoral Commission’s IT service desk when it created new accounts or reset old accounts were insecure. The investigators were able to rapidly crack 178 active accounts using passwords that were identical or similar to passwords provided by the service desk. An audit found that the service desk’s practice of reusing passwords made the Electoral Commission’s accounts “highly susceptible” to cracking.
The Electoral Commission reported an incursion to the National Cyber Security Centre (NCSC) after an employee discovered that spam emails were being sent from the Electoral Commission’s Exchange Server in October 2021.
At the time, the Electoral Commission said it considered the issue to be an isolated incident, according to the ICO’s reprimand.
The Electoral Commission was aware of problems with outdated infrastructure and reported that as it was planning to move its infrastructure towards the cloud, “remedial action with the old servers was limited”, the ICO’s report stated.
China risk
In May 2024, GCHQ director Anne Keast-Butler warned that China’s cyber capabilities posed a significant threat to the UK and other countries.
“China has built an advanced set of cyber capabilities and is taking advantage of a growing commercial ecosystem of hacking outfits and data brokers at its disposal,” she said.
These include a campaign by a Chinese state-sponsored hacking group, known as APT31, that targeted the email accounts of more than 40 UK parliamentarians who had spoken out against China.
The Foreign, Commonwealth and Development Office summoned the Chinese ambassador to the UK to answer questions about the hacks in March 2024.
Remedial steps
The Electoral Commission said it had taken a series of remedial steps following the incident, including implementing a technology modernisation plan and introducing a managed infrastructure support service.
The Electoral Commission has also implemented services to monitor servers, firewalls and internet traffic, and to support threat and vulnerability programmes.
In addition, it has introduced password policy controls in Microsoft’s Active Directory and implemented multifactor authentication (MFA) for all users.
Information commissioner Bonner said that although an unacceptably high number of people were affected by the hack, the ICO had no reason to believe any personal data had been misused and there was no evidence that “direct harm” had been caused by the breach.
A spokesman for the Electoral Commission said: “We regret that sufficient protections were not in place to prevent the cyber attack on the commission. Since the cyber attack, security and data protection experts – including the ICO, National Cyber Security Centre and third-party specialists – have carefully examined the security measures we have put in place and these measures command their confidence.”
Detective reported journalist’s lawyers to regulator in ‘unlawful’ PSNI surveillance case
A former detective brought in to investigate the confidential sources of two journalists who exposed collusion between police in Northern Ireland and paramilitary groups reported solicitors acting on their behalf…
Unmasked: The Evil Corp cyber gangster who worked for LockBit
The UK’s National Crime Agency (NCA) has named and shamed a high-profile LockBit affiliate as its ongoing Operation Cronos takedown action against the notorious gang continues, exposing a relationship with…
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.