An investigation is underway after personal information from Labour Party members and supporters was among a ‘significant quantity’ of data affected by a ‘cyber incident’.
The alleged cyber crime involved an IT firm which handles data for the Labour Party and the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO) have been informed.
The NCA said it is spearheading a criminal investigation into what happened.
It comes after one of the party’s suppliers, Blackbaud was also hacked in August last year, with personal data having been stolen on that occasion.
A Labour spokesman said the party was informed of the incident on October 29 by the IT firm, which it has not named.
“The third party told us that the incident had resulted in a significant quantity of party data being rendered inaccessible on their systems,’ the spokesman told Mail online.
“As soon as the party was notified of these matters, we engaged third-party experts and the incident was immediately reported to the relevant authorities.
“We understand that the data includes information provided to the party by its members, registered and affiliated supporters, and other individuals who have provided their information to the party.”
The party has urged members and supporters who may have been affected to take extra precautions online, in line with NCSC guidance.
An NCA spokesman said: “The NCA is leading the criminal investigation into a cyber incident impacting on the Labour Party.
We are working closely with partners to mitigate any potential risk and assess the nature of this incident.”
An NCSC spokesman said: “We are aware of this issue and are working with the Labour Party to fully investigate and mitigate any potential impact.
“We would urge anyone who thinks they may have been the victim of a data breach to be especially vigilant against suspicious emails, phone calls or text messages and to follow the steps set out in our data breaches guidance.
“The NCSC is committed to helping organisations manage their cyber security and publishes advice and guidance on the NCSC website.”
In August 2020, Blackbaud, a supplier of the Labour party was also hacked, with cyber criminals making off with personal data such as names, email address, telephone numbers and details of annual donations.
The company paid the ransom demand and were given an assurance that the stolen data had been deleted.