NCA probes incident in which personal info of members and supported may have been breached
Credit: Steve Parsons/PA Archive/PA Images
The National Crime Agency is investigating how a “significant quantity” of data possessed by the Labour Party, including the personal details of party members and supporters, has been breached in a “cyber incident”.
An unnamed IT firm which handles data on Labour’s behalf informed the party that large volumes of data had been “rendered inaccessible on their systems,” Labour said on Wednesday in a statement.
The party is “working closely and on an urgent basis” with the third-party company to ascertain the nature and impact of the incident, it added.
Related content
- Labour Party hit with two DDoS attacks
- Why cybersecurity would lead a Labour government’s digital transformation agenda
- Life hacks – a year at the National Cyber Security Centre
The party confirmed that some of the data affected by the breach includes information provided to Labour by members, registered and affiliated supporters, and other individuals who shared their details with the party.
Labour said it had informed the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO) about the incident.
In an email to those potentially affected, Labour urged them to be “especially vigilant against suspicious activity” like dubious emails, phone calls and text messages.
An NCA spokesperson said: “We are aware of this issue and are working with the Labour Party to fully investigate and mitigate any potential impact. We would urge anyone who thinks they may have been the victim of a data breach to be especially vigilant against suspicious emails, phone calls or text messages and to follow the steps set out in our data breaches guidance.
Labour added: “The party takes the security of all personal information for which it is responsible very seriously. It is doing everything within its power to investigate and address this incident in close liaison with law enforcement, the Information Commissioner’s Office and the affected third party.”