Cyber Attack on UK’s Labor Party Leaks Supporter’s Details
Table of Contents
- By David Lukic
- Published: Dec 07, 2021
- Last Updated: Mar 18, 2022
The UK Labor Party has disclosed that it suffered a significant cyberattack. Threat actors targeted a supplier handling the party’s data. Party officials were unable to access party information that was on the hacked network and no ransom has been demanded yet.
What Happened?
A cyberattack affecting the UK’s Labor Party was revealed on October 29, though the nature of the attack is currently unknown. The attack affected a computer belonging to a third-party organization that handles the Labor Party’s digital information.
Early investigations reveal that while the party’s computer systems remain intact, information on the affected network was inaccessible, which includes information on active party members and other data on the computer network. The party said they are still working to understand the full scope of this cyber attack.
A statement released by the Labor Party said,
“While the party’s investigation remains ongoing, we wanted to make you aware of this incident and the measures which we have taken in response.”
“(A) third party told us that the incident had resulted in a significant quantity of party data being rendered inaccessible on their system.”
This cyber incident was not the first ransomware attack that affected the Labor Party. Last year, a ransomware attack compromised the network of Blackbaud; a company that stores the Labor party’s information. Party members were immediately alerted and advised to take appropriate security measures to protect themselves.
What Information Could Be Exposed?
The magnitude of the breach and which information was accessed are still not known, but the information stored on the compromised computer system includes financial and personal data of active Labor members. The Labor Party currently has about 430,000 members.
It also appears that past, unregistered party supporters were affected. One Twitter user who abandoned the Labor Party in 2009 claims to have received the notification. Others claim they received the same notice even though they have never been Labor Party members.
Labor said compromised data could include information that members, supporters, and affiliates have provided. In a similar cyber incident last year, Labor announced that email addresses, phone numbers, and donation amounts were part of stolen data. Although details of this particular incident are yet to be known, it is clear that the breach happened. At this time, no one knows who the hacker is or what they want in return.
How Did the Labor Party Respond?
As soon as they became aware of the incident, Labor contacted external cyber experts for assistance with the investigation. They also reported the cyber attack immediately to appropriate authorities like the National Crime Agency (NCA), the National Cyber Security Centre (NCSC), and the Information Commissioner’s Office. All three government agencies are currently investigating the data breach.
NCSC said,
“We are aware of this issue, and we are working with the Labor Party to fully investigate, and mitigate any potential impact.”
How Can Their Supporters Stay Safe?
Members of the Labor Party who may be affected were encouraged to be cautious before replying to any suspicious emails, phone calls, and text messages. According to the agencies conducting the investigations, party supporters should review the security of their online accounts as soon as possible.
Investigators urged Labor Party members to create strong and secure passwords for their accounts. They were also encouraged to use two-factor authentication (2FA) to add that extra layer of security to all of their online accounts.