The Labour Party has been the victim of another cyber attack, with members being warned their data may have been breached.
Supporters have been emailed this afternoon to warn them information being stored by a third party may have been compromised.
The scope of the hack is not yet clear but Labour said the breach has likely affected members, affiliated supporters and others who provided them with information.
The message said the party had been informed of the breach on October 29 by an IT firm, which it has not named.
It added: ‘The third party told us that the incident had resulted in a significant quantity of Party data being rendered inaccessible on their systems.
‘As soon as the Party was notified of these matters, we engaged third-party experts and the incident was immediately reported to the relevant authorities, including the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO). The Party continues to work closely with each of these authorities.’
The NCA has confirmed it is leading a criminal investigation into what happened.
Labour’s statement continued: ‘The Party is also working closely and on an urgent basis with the third party in order to understand the full nature, circumstances and impact of the incident. The Party’s own data systems were unaffected by this incident.
‘We understand that the data includes information provided to the Party by its members, registered and affiliated supporters, and other individuals who have provided their information to the Party. The full scope and impact of the incident is being urgently investigated.
‘The Party takes the security of all personal information for which it is responsible very seriously. It is doing everything within its power to investigate and address this incident in close liaison with law enforcement, the Information Commissioner’s Office and the affected third party.’
Labour has suffered at the hands of cyber criminals before. In August 2020 it informed supporters that one of its suppliers – a company called Blackbaud – had ‘been the victim of a sophisticated ransomware attack, which occurred earlier this year.’
Personal data including names, email address, telephone numbers and details of annual donations were stolen.
On that occasion, Blackbaud paid the ransom and was given reassurances that the data was destroyed.
Giving an update on the latest hack, an NCA spokesman said: ‘The NCA is leading the criminal investigation into a cyber incident impacting on the Labour Party.
‘We are working closely with partners to mitigate any potential risk and assess the nature of this incident.’
An NCSC spokesman added: ‘We are aware of this issue and are working with the Labour Party to fully investigate and mitigate any potential impact.
‘We would urge anyone who thinks they may have been the victim of a data breach to be especially vigilant against suspicious emails, phone calls or text messages and to follow the steps set out in our data breaches guidance.
‘The NCSC is committed to helping organisations manage their cyber security and publishes advice and guidance on the NCSC website.’
Get in touch with our news team by emailing us at [email protected].
For more stories like this, check our news page.