The Labour Party has confirmed it has been hit by a cyberattack, which it was informed of on October 29. The incident had resulted in a significant quantity of party data being rendered inaccessible on its systems.
The party released a statement about the incident: ‘As soon as the party was notified of these matters, we engaged third-party experts and the incident was immediately reported to the relevant authorities, including the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO). The party continues to work closely with each of these authorities. The party is also working closely and on an urgent basis with the third party in order to understand the full nature, circumstances and impact of the incident. The party’s own data systems were unaffected by this incident. Sources have confirmed this is a ransomware incident.’
Oliver Tavakoli, CTO at Vectra AI, said: “There a is a bit of déjà vu to reports of data breaches involving information about members of the Labour Party. The past two breaches – one in 2020 and one today – are both attributed to ransomware attacks on third parties who have been contracted to manage the data. This underscores the importance of choosing these third parties not just based on price and value, but also based on their security practices and ability to detect and head off attacks before the ransom note is received.”