UK Labour Party Members Hacked

The UK’s Labour Party has been the victim of another cyber attack, with members being warned their data may have been breached. It is understood the party was the subject of a second distributed denial of service (DDoS) attack. Such attacks use “botnets”, networks of compromised computers, to flood a server with requests that overwhelm it.

The scope of the attack is not yet clear but the data involved includes information provided to the Party by its members, registered and affiliated supporters, and other individuals who have provided their information to the Party.

It has informed its members of the cyber attack on a third party that handles data on behalf of Labour: “We wish to inform you that a third party that handles data on our behalf has been subject to a cyber incident. While the Party’s investigation remains ongoing, we wanted to make you aware of this incident and the measures which we have taken in response.

“We have also provided details of precautionary steps you may consider taking to help protect yourself.” The incident resulted in a “significant quantity of party data being rendered inaccessible on their systems”.

A Labour spokeswoman said: “We have ongoing security processes in place to protect our platforms, so users may be experiencing some differences. We are dealing with this quickly and efficiently.” Labour has not said who it suspects is behind the attacks, but said it was confident its security systems ensured there was no data breach. However, supporters have been emailed to warn them information being stored by a third party may have been compromised.

The scope of the hack is not yet clear but the party said the data affected includes information provided by members and others. According to sources, the unnamed third party may have suffered a DDoS attack which has rendered data unusable or inaccessible.

In a letter to the UK National Crime Agency (NCA) from Labour, party officials confirm they were informed of the incident on 29 October. "The third party told us that the incident had resulted in a significant quantity of party data being rendered inaccessible on their systems," the letter states. "As soon as the party was notified of these matters, we engaged third-party experts and the incident was immediately reported to the relevant authorities, including the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO)."

These events follow a dispute over access to membership data in which the Labour Party risked a £15m fine for not adequately protecting members' confidential data.

Web records show Labour is a customer of Cloudflare, which provides DDoS protection services to a large proportion of the web. The company protects customers from DDoS attacks by providing extra capacity as needed, filtering traffic so that only legitimate requests are dealt with and storing “cached” versions of websites on its own servers.

DDoS attacks can vary in sophistication, but are generally easily mitigated. Even when DDoS attacks succeed, they rarely have implications beyond enforced downtime, as the target waits for the attack to end or secures extra bandwidth to deal with the new traffic. 

At their simplest, DDoS attacks can be hard to distinguish from legitimate traffic rises, as when cinema websites collapse when a new film is released.

Labour.org, Labour List, The Scotsman, BBC, Metro, Sky, Telegraph, Guardian
