UK Labour Party Members Hacked

UK’s Labour Party has been the victim of another cyber attack, with members being warned their data may have been breached. It is understood the party was the subject of a second distributed denial of service (DDoS) attack. Such attacks use “botnets”, networks of compromised computers, to flood a server with requests that overwhelm it.

The scope of the attack is not yet clear but the data involved includes information provided to the Party by its members, registered and affiliated supporters, and other individuals who have provided their information to the Party.

It has informed its members of the cyber attack on a third party that handles data on behalf of Labour: “We wish to inform you that a third party that handles data on our behalf has been subject to a cyber incident. While the Party’s investigation remains ongoing, we wanted to make you aware of this incident and the measures which we have taken in response.

“We have also provided details of precautionary steps you may consider taking to help protect yourself”, which resulted in a “significant quantity of party data being rendered inaccessible on their systems”.

A Labour spokeswoman said: “We have ongoing security processes in place to protect our platforms, so users may be experiencing some differences. We are dealing with this quickly and efficiently.” Labour has not said who it suspects is behind the attacks, but said it was confident its security systems ensured there was no data breach. However, supporters have been emailed to warn them information being stored by a third party may have been compromised.

The scope of the hack is not yet clear but the party said the data affected includes information provided by members, and others. According to sources, the unnamed third party may have suffered a DDoS attack which has rendered data unusable or inaccessible. 

In a letter to the UK National Crime Agency (NCA) from Labour, party officials confirm they were informed of the incident on 29 October. "The third party told us that the incident had resulted in a significant quantity of party data being rendered inaccessible on their systems," the letter states. "As soon as the party was notified of these matters, we engaged third-party experts and the incident was immediately reported to the relevant authorities, including the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO)."

These events follow a dispute over access to membership data  in which the Labour Party risked a £15m fine for not adequately protecting members' confidential data

Web records show Labour is a customer of Cloudflare, which provides DDoS protection services to a large proportion of the web. The company protects customers from DDoS attacks by providing extra capacity as needed, filtering traffic so that only legitimate requests are dealt with and storing “cached” versions of websites on its own servers.

DDoS attacks can vary in sophistication, but are generally easily mitigated. Even when DDoS attacks succeed, they rarely have implications beyond enforced downtime, as the target waits for the attack to end or secures extra bandwidth to deal with the new traffic. 

At their simplest, DDoS attacks can be hard to distinguish from legitimate traffic rises, as when cinema websites collapse when a new film is released.

Labour.org:        Labour List:      The Scotsman:      BBC:     Metro:    Sky:      Telegraph:        Guardian

You Might Also Read: 

The Personal Data Being Used To Get Your Vote:

« Facebook Ends Recognition Software
Focus On Fighting Cyber Crime In Financial Services »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Bob's Business

Bob's Business

Bob's Business adopts a fresh approach to information security awareness and compliance training, delivering key information through the use of short animated movies.

Paraben

Paraben

Paraben provides digital forensics solutions for mobile devices, smartphones, email, hard drives, and gaming system.

MarQuest

MarQuest

MarQuest provides services and systems to enhance network reliability and security.

Telos

Telos

Telos offers cybersecurity solutions and services that empower and protect the world’s most security-conscious enterprises.

Cloudmark

Cloudmark

Cloudmark is a trusted leader in intelligent threat protection against known and future attacks, safeguarding 12 percent of the world’s inboxes from wide-scale and targeted email threats.

Penta Security

Penta Security

Founded on its data encryption technology, Penta Security is a leading provider of web and data security products, solutions and services.

CSIRT-IE

CSIRT-IE

CSIRT-IE is the body within the NCSC that provides assistance to constituents in responding to cyber security incidents at a national level for Ireland.

CyberSure

CyberSure

CyberSure is a programme of collaborations and exchanges between researchers aimed at developing a framework for creating and managing cyber insurance policy for cyber systems.

Blockchain Reactor

Blockchain Reactor

Blockchain Reactor is a blockchain consultancy and implementation company providing cutting-edge blockchain solutions for start-ups and enterprises.

Ascend Technologies

Ascend Technologies

Ascend Technologies offers a full suite of managed IT services including: Cloud & Infrastructure Management, Cybersecurity Management, Service Desk Management, Application Management , Data Management

Australian Cyber Collaboration Centre (Aus3C)

Australian Cyber Collaboration Centre (Aus3C)

The Australian Cyber Collaboration Centre (Aus3C) is committed to building cyber capacity and securing Australia's digital landscape.

BOXX Insurance

BOXX Insurance

BOXX Insurance Inc. is a new type of insurance company for a new type of risk. Cyberboxx is the first fully-integrated cybersecurity and insurance solution for small-to-medium-sized businesses.

Seigur

Seigur

Seigur is an IT consultancy business providing flexible legal and cyber security services for IT and data privacy programmes.

Cork

Cork

Cork is a purpose-built cyber warranty company for managed service providers (MSPs) serving small businesses (SMBs) and the software solutions they manage.

Blue Goat Cyber

Blue Goat Cyber

Blue Goat stands at the forefront of cybersecurity, particularly in medical device security and penetration testing.

Cythera

Cythera

Cythera is an Australian cyber security company with in-house cyber security professionals providing world-class cyber protection to medium to large companies all over Australia.