In an email and notification to members, on the 3rd of November, the Labour Party announced that it had been the subject of a data breach. The breach occurred when a third party that handles data on its behalf suffered a cyber-attack.
The third-party data holder is unknown, though the sensitive information of hundreds of thousands of supporters may be at risk. The Labour Party has a membership of around 400,000 individuals.
Labour was first informed of the incident by the third party on the 29th of October. The breach resulted in a “significant quantity of Party data being rendered inaccessible on their systems” Members were informed several days later.
The Labour Party have since stated they began to act as soon as the data breach became known to them. They state that they engaged the services of external experts and notified the relevant authorities. This includes the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO).
A previous data breach by an NHS Trust saw a mother awarded £2,500 in compensation after sensitive medical information was released without permission.
The full extent of the data breach is still under investigation. The NCSC has warned anybody “who thinks they may have been the victim of a data breach to be especially vigilant against suspicious emails, phone calls or text messages”.
Labour states they are “working closely and on an urgent basis with the third party in order to understand the full nature, circumstances and impact of the incident”.
Several pieces of advice have been recommended to increase the security of personal data. This includes being vigilant against suspicious messages and phone calls. It also advises individuals to implement two-factor authentication (2FA) wherever possible.
The NCSC urges any Labour members who find themselves receiving suspicious calls/messages to report to their hotlines ASAP.
There is a worry that this information could be used in coordination with phishing attempts. “Phishing” is a practice of criminals, whereby previously obtained information is used to help con victims. This information can be used to impersonate legitimate companies and banks.
CEL Solicitors are already in talks with over 50 party members and supporters regarding Labour Party data breach claims.
GDPR breaches are becoming more and more common in our evolving digital world. Our dedicated team of data breach specialists are on hand to help those affected receive the compensation they deserve. You can find more information on how we can help on our Data Breach Claims page.
Recent examples of data breach cases include The Riverside Group data breach and the Hospital Metalcraft data breach – both of which involved the unauthorised copying of a large amount of personal information from a company server.
Commenting on the Labour Party data breach, Mark Montaldo, director and data breach solicitor at CEL Solicitors had this to say:
“Labour party members and supporters don’t yet know what information has been compromised, which means they’re currently in the dark about the severity of this data breach. Naturally this is amplifying their concerns as they’re not sure how best to protect themselves from hackers who now hold their personal details. We would therefore urge everyone affected to consider what information they’ve provided to the Labour Party. If they’ve provided financial details, they should notify their bank and check their accounts for any unusual transactions. They should also be wary of scammers as all too often we see data breach victims go on to be subject to fraud. They should therefore be vigilant when receiving phone calls, texts and emails, especially those requesting payment or updated payment information.”