The Labour Party has admitted that a recent “cyber incident” has put members’ data at risk. However, but perhaps unsurprisingly for a political organisation, the party has been somewhat vague around precisely what has happened.
Labour said it became aware of the incident on 29th October. The party said it was notified of the issue by a third-party firm that it uses to handle membership data.
A spokesman for the NCSC said: “We are aware of this issue and are working with the Labour Party to fully investigate and mitigate any potential impact.
“We would urge anyone who thinks they may have been the victim of a data breach to be especially vigilant against suspicious emails, phone calls or text messages and to follow the steps set out in our data breaches guidance.”
Labour vague, but signs point to a ransomware attack
In a statement, Labour said it was working with the two above agencies and the National Crime Agency to establish how the incident occurred.
While not disclosing the identity of the firm that notified it of the incident, Labour also said it was “working closely and on an urgent basis with the third party in order to understand the full nature, circumstances and impact of the incident”, but that its own data systems were unaffected.
It is also unclear how serious an incident this is in terms of scale or what specific data has been affected. However, Labour did say the incident involved data provided by “members, registered and affiliated supporters, and other individuals who have provided their information.”
Despite the lack of specific detail about the incident, it appears the third-party service provider in question has likely fallen victim to a ransomware attack. While it isn’t clear whether it is Labour or another party that has directly suffered the breach, the statements suggest it is the unnamed third-party.
Are you a Labour member? If this breach affects you, you could be entitled to compensation
If your data is leaked or your privacy compromised by this incident, you could be entitled to compensation. While we’ll await the outcome of the ICO’s investigation before proceeding with any potential data breach claims, you can still contact us now to tell us if you’ve been affected and for a free, no-obligation assessment of your potential claim.