Labour Party discloses cyber attack, members' data stolen
Members' data stolen in attack on third-party supplier
The Labour Party has suffered a ‘cyber incident' with personal details of members stolen from an unnamed third-party company that handles its membership data.
In a statement the party says it was informed of the incident on October 29th and that "a significant quantity of Party data" had been rendered inaccessible. Labour does not give further details about the attack, but from that description ransomware seems likely.
The National Crime Agency, the NNCSC, the ICO and parliamentary security are all investigating, according to the party.
The information stolen includes "information provided to the Party by its members, registered and affiliated supporters, and other individuals who have provided their information to the Party."
Previous members have reported receiving emails from Labour warning them about the theft, which may raise questions about why the party has kept hold of their details.
The party advises those whose data may have been stolen to be watchful for "suspicious activity, including suspicious emails, phone calls or text messages" and to implement two-factor authentication (2FA) where possible.
This is not the first time the Labour Party has been the victim of a cyber attack.
In November 2019 it was hit by a DDoS attack, which it said it saw off thanks to its ‘robust security systems."
In August 2020 it was caught up in a ransomware attack on Blackbaud, another third-party supplier.
In that incident, which also affected a number of universities and charities, personal data including names, email address, telephone numbers and details of annual donations were stolen. Blackbaud paid an undisclosed sum as a ransom and was told the information had been destroyed.