Labour hit by ANOTHER cyber attack: Party members warned their personal information has been hacked
Labour hit by ANOTHER cyber attack: Party members are warned their personal information has been hacked in ‘significant’ security breach
- Personal data from Labour members and supporters affected by ‘cyber incident’
- Full investigation underway, but Labour’s own data systems were unaffected
- Labour was informed about the incident by an unnamed IT firm on October 29
- Members and supporters who may have been affected warned to be cautious
Personal information from Labour Party members and supporters is among a ‘significant quantity’ of data affected by a ‘cyber incident’.
The incident involved an IT firm which handles data on Labour’s behalf, and the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO) have been informed.
The NCA said it is leading a criminal investigation into what happened.
The full scale of the incident is being investigated but Labour’s own data systems were unaffected.
Personal information from Labour Party members and supporters is among a ‘significant quantity’ of data affected by a ‘cyber incident’ (stock image)
It comes after one of the party’s suppliers, Blackbaud was also hacked in August last year, with personal data having been stolen on that occasion.
Commenting on the most recent incident, a Labour spokesman said the party was informed of the incident on October 29 by the IT firm, which it has not named.
‘The third party told us that the incident had resulted in a significant quantity of party data being rendered inaccessible on their systems,’ the spokesman said.
‘As soon as the party was notified of these matters, we engaged third-party experts and the incident was immediately reported to the relevant authorities.’
Labour is ‘working closely and on an urgent basis’ with the IT firm in order to understand the full nature, circumstances and impact of the incident.
‘We understand that the data includes information provided to the party by its members, registered and affiliated supporters, and other individuals who have provided their information to the party,’ the Labour spokesman said.
The party urged members and supporters who may have been affected to take extra precautions online, in line with NCSC guidance.
An NCA spokesman said: ‘The NCA is leading the criminal investigation into a cyber incident impacting on the Labour Party.
The full scale of the incident is being investigated but Labour’s own data systems were unaffected. Labour is ‘working closely and on an urgent basis’ with the IT firm in order to understand the full nature, circumstances and impact of the incident
‘We are working closely with partners to mitigate any potential risk and assess the nature of this incident.’
An NCSC spokesman said: ‘We are aware of this issue and are working with the Labour Party to fully investigate and mitigate any potential impact.
‘We would urge anyone who thinks they may have been the victim of a data breach to be especially vigilant against suspicious emails, phone calls or text messages and to follow the steps set out in our data breaches guidance.
‘The NCSC is committed to helping organisations manage their cyber security and publishes advice and guidance on the NCSC website.’
In August 2020, Blackbaud, a supplier of the Labour party was also hacked, with cybercriminals making off with personal data such as names, email address, telephone numbers and details of annual donations.
The company paid the ransom demand and were given an assurance that the stolen data had been deleted.