This article is more than 1 year old
Locked up: UK's Labour Party data 'rendered inaccessible' on third-party systems after cyber attack
As membership website goes TITSUP*
The UK's Labour Party, the official opposition to the country's ruling Conservatives, has suffered a humiliating data breach.
Members of the party were sent notice of the issue mid-afternoon UK time, which confirmed a "third party that handles data on our behalf has been subject to a cyber incident."
The email, titled "Private and Confidential," read: "On 29 October 2021, we were informed of the cyber incident by the third party. The third party told us that the incident had resulted in a significant quantity of Party data being rendered inaccessible on their systems."
We have asked Labour if it's referring to ransomware, and if so, if a ransom demand has been made or paid.
The email continued:
As soon as the Party was notified of these matters, we engaged third-party experts and the incident was immediately reported to the relevant authorities, including the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO).
The Party continues to work closely with each of these authorities. The Party is also working closely and on an urgent basis with the third party in order to understand the full nature, circumstances and impact of the incident. The Party's own data systems were unaffected by this incident.
Labour said the compromised data includes information provided to the political party by its members, registered and affiliated supporters, and other individuals who have provided their information to the party, such as former members.
"The full scope and impact of the incident is being urgently investigated," it said.
Labour Party news website LabourList said that membership website labourmembership.com had been pulled offline in recent days because of the cyber "incident."
The website was still unreachable at the time of publication.
The party has been targeted before.
- 8-month suspended sentence for script kiddie who DDoS'd Labour candidate in runup to 2019 UK general election
- Activist raided by police after downloading London property firm's 'confidential' meeting minutes from Google Search
- UK's Labour Party calls for delay to NHS Digital's GP data slurp until patients can be properly informed
- Confessions of a ransomware negotiator: Well, somebody's got to talk to the criminals holding data hostage
- UK VoIP telco receives 'colossal ransom demand', reveals REvil cybercrooks suspected of 'organised' DDoS attacks on UK VoIP companies
In 2019, its campaign site was hit by a "sophisticated and large-scale cyber-attack". A spokeswoman said at the time: "We have experienced a sophisticated and large-scale cyber-attack on Labour digital platforms. We took swift action and these attempts failed due to our robust security systems. The integrity of all our platforms was maintained and we are confident that no data breach occurred."
Last year, the Party was also caught up in the attack on cloud CRM provider Blackbaud.
An NCSC spokesperson said:
"We are aware of this issue and are working with the Labour Party to fully investigate and mitigate any potential impact.
"We would urge anyone who thinks they may have been the victim of a data breach to be especially vigilant against suspicious emails, phone calls or text messages and to follow the steps set out in our data breaches guidance." ®
* Total Inability To Support Underdogs in Politics