The U.K. Labor Party told members that some of their information had been compromised in a data leak after a ransomware operation targeted a supplier handling the party’s data.
After informing appropriate authorities about the occurrence, the leak was reported in a data breach notification placed on the party’s website.
The Party quickly engaged third-party specialists after being aware of these issues, and the incident was reported to the appropriate authorities, including the National Cyber Security Centre (NCSC), the National Crime Agency (NCA), and the Information Commissioner’s Office (ICO).
Information submitted by members, registered & linked supporters, and those who have provided their information to the Party is included in the data implicated in the incident. The event is still under investigation, and the real nature and consequences of the data breach remain unknown at this time.
Members of the Labor Party who may be affected by this event are advised to be cautious when responding to suspicious emails, phone calls, or text messages and use two-factor authentication (2FA) to secure their online accounts whenever feasible.
While the Labor Party in the United Kingdom did not reveal the nature of the issue, sources close to the investigation informed Sky News that the attack entailed ransomware being installed on the computers of a third-party provider that contained Labor Party data.
Following a similar incident last year, the Labor Party confirmed a data breach in July, when prominent cloud software company Blackbaud and one of the party’s suppliers were targeted by a ransomware operation in May 2020, which was revealed on July 16.
According to the party at the time, members’ names, email addresses, phone numbers, and donation amounts were among the information stolen.
Blackbaud claimed in an 8-K filing with the U.S. Securities and Exchange Commission that additional forensic analysis for some alerted consumers, the fraudster may have obtained some unencrypted sections meant for bank account information, social security numbers, usernames, or/and passwords.
Charities, non-profits, foundations, and universities from the United States, Canada, the United Kingdom, and the Netherlands were also hit by the Blackbaud ransomware attack.