Labour Party member data exposed in breach

In an announcement on their website, the UK Labour Party informed members that their data may have been included in a recent cyberattack on a third-party data services provider.

The Party was notified of the incident by their data services provider on 29 October, and engaged cybersecurity experts to investigate. The announcement stated that they are continuing to work with these investigators “in order to understand the full nature, circumstances and impact of the incident.”

Data exposed in the breach includes member information, as well as registered supporters and other individuals and groups that have provided information to the Party. In addition to beginning an investigation, the Labour Party also immediately involved relevant authorities at the National Crime Agency, National Cyber Security Centre, and the Information Commissioner’s Office. According to the website, the Labour Party’s own data systems were not affected by the breach.

The announcement also included contact information, for those that may be concerned about their own data, or have additional questions related to the cyber security incident. The Labour Party will also provide updated information on their website as it becomes available, under the guidance of investigative authorities.

In 2019, the Labour Party suffered two DDoS attacks on their own systems within days of each other, although at that time they assured the public that their data was not at risk. A party spokeswoman said, “We have ongoing security processes in place to protect our platforms, so users may be experiencing some differences. We are dealing with this quickly and efficiently.”

Of the most recent incident, a spokesman for the National Cyber Security Center (NCSC) said, “We are aware of this issue and are working with the Labour Party to fully investigate and mitigate any potential impact.

“We would urge anyone who thinks they may have been the victim of a data breach to be especially vigilant against suspicious emails, phone calls or text messages and to follow the steps set out in our data breaches guidance.”