Labour Party members’ data hit by cyber incident


The Labour Party has been affected by a “cyber incident” involving its members’ data resulting in “a significant quantity” of party data “rendered inaccessible on their systems”.

Labour said it was told on 29 October that it had been affected by the event by a third party firm that handled membership data on its behalf.

The Information Commissioner’s Office and National Cyber Security Centre are both looking into the incident.

In a statement, Labour said it was working closely with the two authorities, as well as the National Crime Agency, to find out what had happened.

The party also said it was “working closely and on an urgent basis with the third party in order to understand the full nature, circumstances and impact of the incident”, but that its own data systems were unaffected.

Labour has yet to reveal who the third party is, the scale of the incident or what type of data was affected.

But it did say the incident involved information provided to the party by its “members, registered and affiliated supporters, and other individuals who have provided their information”.

Commenting on the leak Mike Campfield, VP of EMEA Operations, ExtraHop, said: “The Labour party’s supply chain attack has left the party warning members’ their data, stored by a third party supplier, may have been breached. This tactic is quickly becoming a firm favourite among bad actors, with this being the third critical supply chain attack on record this year.

Organisations are more and more reliant on external entities for services, but if third party suppliers have little to no ability to defend against these attacks, organisations have no chance of protecting themselves. Knowing your suppliers to assess and understand blind spots is vital to fighting against these looming threats. If just one supplier’s security processes trails behind the rest, it quickly becomes the weakest link and therefore most attractive entry point for bad actors.

Zero trust frameworks, which assume you can’t trust anyone, are being adopted to fight supply chain attacks. However, this isn’t enough to keep bad actors out. Businesses need visibility to understand how to identify if anything is lurking on their IT network. When organisations have complex supply chains, they need visibility across all customers to protect against any threats. It’s a must to be able to see activity, including any files going into or leaving their IT environment, even in an encryption event, that can be identified to know the extent of potential damage.”


Like it? Share with your friends!

What's Your Reaction?

hate hate
0
hate
confused confused
0
confused
fail fail
0
fail
fun fun
0
fun
geeky geeky
0
geeky
love love
0
love
lol lol
0
lol
omg omg
0
omg
win win
0
win
Administrator

0 Comments

Your email address will not be published. Required fields are marked *

Choose A Format
Personality quiz
Series of questions that intends to reveal something about the personality
Trivia quiz
Series of questions with right and wrong answers that intends to check knowledge
Poll
Voting to make decisions or determine opinions
Story
Formatted Text with Embeds and Visuals
List
The Classic Internet Listicles
Countdown
The Classic Internet Countdowns
Open List
Submit your own item and vote up for the best submission
Ranked List
Upvote or downvote to decide the best list item
Meme
Upload your own images to make custom memes
Video
Youtube and Vimeo Embeds
Audio
Soundcloud or Mixcloud Embeds
Image
Photo or GIF
Gif
GIF format