The U.K. Labour Party discloses a data breach after a service provider that manages its data was hit by a ransomware attack. The party notified relevant authorities and members that some of their information was impacted by the security breach.
The investigation is still ongoing with the help of external experts to determine the extent of the incident.
“On 29 October 2021, we were informed of the cyber incident by the third party. The third party told us that the incident had resulted in a significant quantity of Party data being rendered inaccessible on their systems.” reads the data breach notification published on the party’s website. “As soon as the Party was notified of these matters, we engaged third-party experts and the incident was immediately reported to the relevant authorities, including the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO).”
Exposed data includes information provided by members, registered and affiliated supporters, and other individuals who have provided their info to the Labour Party.
The Labour Party recommends members potentially impacted individuals to be vigilant against suspicious activity (i.e. suspicious emails, phone calls or text messages) and enable two-factor authentication (2FA) where possible.
(SecurityAffairs – hacking, data breach)