Labour investigates data breach after members’ information was stolen – LabourList

The Labour Party has told members that it has launched an investigation following a data breach in which a “historic backup file containing personal information was stolen by a cybercriminal”.

In an email to a number of members this afternoon, the party described how one of its suppliers – a company called Blackbaud – had “been the victim of a sophisticated ransomware attack, which occurred earlier this year”.

The message from the party was only sent to members affected by the breach. LabourList understands that it was received by around 3% of the overall membership and that the breach covers a period that goes back several years.

Labour has stressed that “no sensitive information, such as bank account information, passwords or usernames, was taken”. According to the email sent by the party this afternoon, the information affected includes:

  • Names;
  • Email addresses;
  • Telephone numbers; and
  • Amounts donated to the Labour Party.

In the correspondence, Labour has said that the supplier’s security experts have investigated the incident and that the company has received assurances that the personal information was deleted after the payment of a ransom.

The party said that it is “working closely with Blackbaud, as well as our governance, legal, data protection and IT teams to gather more information about the breach” and has reported the breach to the Information Commissioner’s Office.

This follows recent reports that several people are considering legal action against Labour after the leaking of an internal report – lawyer Mark Lewis told BBC Newsnight that this was partly due to data breaches and misuse of private information.

The Labour leadership election that took place earlier this year was also engulfed in a row over alleged misuse of Labour Party members’ personal information in the course of the candidates’ campaigns.

Below is the full text of the email sent to members.

Dear member,

Important message from the Labour Party.

Blackbaud data breach

You may have heard that one of our suppliers, Blackbaud, has suffered a data breach. The Labour Party takes its responsibilities regarding data security very seriously and this notice is intended to provide further information about this situation.

What happened

Blackbaud have notified the Labour Party that they have been the victim of a sophisticated ransomware attack, which occurred earlier this year. During this time, a historic backup file containing personal information was stolen by a cybercriminal. It is important to immediately note that no sensitive information, such as bank account information, passwords or usernames, was taken. Blackbaud have also confirmed that they have paid the ransom demanded by the cybercriminal and have received assurances that the data was destroyed as a result.

Blackbaud have confirmed to us that the following personal data was affected:

  • Names
  • Email addresses;
  • Telephone numbers;
  • Amounts donated to the Labour Party.

We have been assured by Blackbaud that their security experts have fully investigated the attack and are in constant contact with the Information Commissioner’s Office (“ICO”) about the situation.

Actions the Labour Party has taken

The Labour Party has launched its own investigation and is working closely with Blackbaud, as well as our Governance, Legal, Data Protection and IT teams to gather more information about the breach. We will take any measures necessary to protect your data, and in line with our data protection obligations, we have also notified the ICO about this breach.

What you need to do

While there is no action you need to take at this time, if you do become aware of any suspicious activity or suspected identity theft, you should notify the proper law enforcement authorities.

We very much regret the concern or inconvenience caused as a result of this news.

The Labour Party

Value our free and unique service?

LabourList has more readers than ever before – but we need your support. Our dedicated coverage of Labour’s policies and personalities, internal debates, selections and elections relies on donations from our readers.

Support LabourList

Source link

Leave a comment