UK Labour Party Members Hacked

Uploaded on 2021-11-05 in TECHNOLOGY--Hackers, GOVERNMENT-National, FREE TO VIEW

UK’s Labour Party has been the victim of another cyber attack, with members being warned their data may have been breached. It is understood the party was the subject of a second distributed denial of service (DDoS) attack. Such attacks use “botnets”, networks of compromised computers, to flood a server with requests that overwhelm it.

The scope of the attack is not yet clear but the data involved includes information provided to the Party by its members, registered and affiliated supporters, and other individuals who have provided their information to the Party.

It has informed its members of the cyber attack on a third party that handles data on behalf of Labour: “We wish to inform you that a third party that handles data on our behalf has been subject to a cyber incident. While the Party’s investigation remains ongoing, we wanted to make you aware of this incident and the measures which we have taken in response.

“We have also provided details of precautionary steps you may consider taking to help protect yourself”, which resulted in a “significant quantity of party data being rendered inaccessible on their systems”.

A Labour spokeswoman said: “We have ongoing security processes in place to protect our platforms, so users may be experiencing some differences. We are dealing with this quickly and efficiently.” Labour has not said who it suspects is behind the attacks, but said it was confident its security systems ensured there was no data breach. However, supporters have been emailed to warn them information being stored by a third party may have been compromised.

The scope of the hack is not yet clear but the party said the data affected includes information provided by members, and others. According to sources, the unnamed third party may have suffered a DDoS attack which has rendered data unusable or inaccessible. 

In a letter to the UK National Crime Agency (NCA) from Labour, party officials confirm they were informed of the incident on 29 October. "The third party told us that the incident had resulted in a significant quantity of party data being rendered inaccessible on their systems," the letter states. "As soon as the party was notified of these matters, we engaged third-party experts and the incident was immediately reported to the relevant authorities, including the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO)."

These events follow a dispute over access to membership data  in which the Labour Party risked a £15m fine for not adequately protecting members' confidential data

Web records show Labour is a customer of Cloudflare, which provides DDoS protection services to a large proportion of the web. The company protects customers from DDoS attacks by providing extra capacity as needed, filtering traffic so that only legitimate requests are dealt with and storing “cached” versions of websites on its own servers.

DDoS attacks can vary in sophistication, but are generally easily mitigated. Even when DDoS attacks succeed, they rarely have implications beyond enforced downtime, as the target waits for the attack to end or secures extra bandwidth to deal with the new traffic. 

At their simplest, DDoS attacks can be hard to distinguish from legitimate traffic rises, as when cinema websites collapse when a new film is released.

Labour.org:        Labour List:      The Scotsman:      BBC:     Metro:    Sky:      Telegraph:        Guardian

You Might Also Read: 

The Personal Data Being Used To Get Your Vote:

« Facebook Ends Recognition Software
Focus On Fighting Cyber Crime In Financial Services »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Direct Recruiters Inc

Direct Recruiters Inc

Direct Recruiters is a relationship-focused search firm that assists IT Security and Cybersecurity companies with recruiting high-impact talent.

Quantivate

Quantivate

Quantivate is a provider of web-based Governance, Risk, and Compliance (GRC) software and service solutions.

Cura Software Solutions

Cura Software Solutions

Cura Software Solutions (formerly Cura Technologies) is a market-leader in Governance, Risk and Compliance (GRC) enterprise applications.

Guardea Cyberdefense

Guardea Cyberdefense

Guardea Cyberdefense is an IT services company specializing in the management of security projects, with a pool of skills selected from a network of specialized partners.

Privitar

Privitar

Privitar is leading the development and adoption of privacy engineering technology enabling our customers to innovate and leverage data with an uncompromising approach to data privacy.

exceet Secure Solutions

exceet Secure Solutions

exceet Secure Solutions is your experienced specialist for Internet of Things (IoT), Heath Telematics, electronic signatures and timestamps and IT security.

netfiles

netfiles

netfiles offers highly secure data rooms for sensitive business processes and secure data exchange.

Relyum

Relyum

Relyum provides innovative solutions for networking, synchronization and cybersecurity in critical systems.

SPARTA Consortium

SPARTA Consortium

SPARTA tackles hard innovation challenges, leading the way in building transformative capabilities and forming a world-leading cybersecurity competence network across the EU.

BrandShelter

BrandShelter

BrandShelter specializes in providing online brand protection for companies and trademark owners.

Ridge Canada Cyber Solutions

Ridge Canada Cyber Solutions

Ridge Canada helps insurance brokers and insurance buyers understand, evaluate, and secure cyber coverage that is tailored to their business.

PhishFirewall

PhishFirewall

PhishFirewall is an advanced AI-driven CyberSecurity Awareness Education, Threat Emulation, and Human Security Analytics Platform.

NetGain Technologies

NetGain Technologies

NetGain Technologies helps small to medium-sized businesses gain access to expert IT talent. We provide strategies that use technology as a driving force behind business growth.

Comcast Technology Solutions (CTS)

Comcast Technology Solutions (CTS)

Comcast Technology Solutions delivers proven technologies for global video, media, communications, data applications, and cybersecurity & compliance.

Eficens Systems

Eficens Systems

Eficens Systems is a global IT services and consulting company. We specialize in empowering businesses to harness the potential of Information Technology as a strategic asset.

Pvotal Technologies

Pvotal Technologies

Pvotal Technologies engineer complex, automated processes aligned with best AIOps, BizDevOps, DevSecOps, CloudOps, and ITOps practices.