UK Labour Party Members Hacked
UK’s Labour Party has been the victim of another cyber attack, with members being warned their data may have been breached. It is understood the party was the subject of a second distributed denial of service (DDoS) attack. Such attacks use “botnets”, networks of compromised computers, to flood a server with requests that overwhelm it.
The scope of the attack is not yet clear but the data involved includes information provided to the Party by its members, registered and affiliated supporters, and other individuals who have provided their information to the Party.
It has informed its members of the cyber attack on a third party that handles data on behalf of Labour: “We wish to inform you that a third party that handles data on our behalf has been subject to a cyber incident. While the Party’s investigation remains ongoing, we wanted to make you aware of this incident and the measures which we have taken in response.
“We have also provided details of precautionary steps you may consider taking to help protect yourself”, which resulted in a “significant quantity of party data being rendered inaccessible on their systems”.
A Labour spokeswoman said: “We have ongoing security processes in place to protect our platforms, so users may be experiencing some differences. We are dealing with this quickly and efficiently.” Labour has not said who it suspects is behind the attacks, but said it was confident its security systems ensured there was no data breach. However, supporters have been emailed to warn them information being stored by a third party may have been compromised.
The scope of the hack is not yet clear but the party said the data affected includes information provided by members, and others. According to sources, the unnamed third party may have suffered a DDoS attack which has rendered data unusable or inaccessible.
In a letter to the UK National Crime Agency (NCA) from Labour, party officials confirm they were informed of the incident on 29 October. "The third party told us that the incident had resulted in a significant quantity of party data being rendered inaccessible on their systems," the letter states. "As soon as the party was notified of these matters, we engaged third-party experts and the incident was immediately reported to the relevant authorities, including the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO)."
These events follow a dispute over access to membership data in which the Labour Party risked a £15m fine for not adequately protecting members' confidential data
Web records show Labour is a customer of Cloudflare, which provides DDoS protection services to a large proportion of the web. The company protects customers from DDoS attacks by providing extra capacity as needed, filtering traffic so that only legitimate requests are dealt with and storing “cached” versions of websites on its own servers.
DDoS attacks can vary in sophistication, but are generally easily mitigated. Even when DDoS attacks succeed, they rarely have implications beyond enforced downtime, as the target waits for the attack to end or secures extra bandwidth to deal with the new traffic.
At their simplest, DDoS attacks can be hard to distinguish from legitimate traffic rises, as when cinema websites collapse when a new film is released.
Labour.org: Labour List: The Scotsman: BBC: Metro: Sky: Telegraph: Guardian:
You Might Also Read: