Labour Party “data incident”

A significant data incident has been reported from the labour party.

https://labour.org.uk/about-your-data/

 

Multiple sources have confirmed what appears to be a ransomware attack, blocking access to members data by the Labour party itself!

 

What information was involved, and when did the incident happen?

 

In a statement released by the Labour Party, it was informed of the breach on the 29th of October 2021. The statement confirmed;

“We understand that the data includes information provided to the Labour Party by its members, registered and affiliated supporters, and other individuals who have provided their information to the Party. The full scope and impact of the incident is being urgently investigated.”

News sources also report that historical member data is also affected by some ex-party members, affiliates, and unregistered individuals being informed of the breach by Labour. Some complaints have allegedly been lodged with the ICO concerning GDPR breaches. The somewhat ambiguous Labour Party privacy policy (found here https://labour.org.uk/privacy-policy/) is the source of concern from some previous members. It could even affect anyone on the electoral roll for the past 15 years.

The incident has been reported to the Information Commissioners Office (ICO), and the Labour party is working with the anonymous service provider, the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) to “understand the full nature, circumstances and impact of the incident”. 

If you have any cause for concern, think your data may have been affected, please direct your enquiries to privacy@labour.org.uk