The Tasmanian Electoral Commission says an "unknown attacker" has breached a server's security and downloaded a back-up file containing the names, addresses, emails, and date-of-birth information of electors.
The breach occurred through a server of the Barcelona-based company Typeform, whose online forms have been used on the TEC website since 2015 for election services, the commission said in a statement[1] on Saturday.
Typeform said the breach was identified on June 27, with the vulnerability closed down within half an hour of detection.
The commission said it's believed the stolen elector data on the online forms included names, addresses, emails, and date-of-birth information provided by electors when applying for an express vote at the recent state and Legislative Council elections.
The commission said it would be contacting electors who used the services in coming days to inform them of the breach.
"The Electoral Commission apologises for the breach, and will re-evaluate its collection procedures and internal security elements around its storage of electoral information for future events," its statement said.
It said the breach had no connection to the national or state electoral roll.
In its statement[2] on the breach, Typeform said the data exfiltrated was from "a partial backup dated May 3rd 2018", and the "risk of reoccurrence is now deemed low enough to send out this communication".
The company said results collected since May 3 are not affected, nor were subscription payment information and Typeform login details.
"We have immediately initiated a comprehensive review of our system security and have identified the source of the breach and have addressed that security vulnerability," Typeform said.
"In the short term, we brought in forensic