The Labour Party is the latest in a number of organisation to have their data breached following a cyber-attack on cloud computing provider Blackbaud. Hackers are believed to have accessed information about thousands of party donors over a period of several years. The Party are understood to have been first informed of the breach on July 16 and will be informing all of those impacted by the attack later this week.
Inside sources told ITV News they believe personal and confidential information about donors, including analysis that was run by the party about their personal views, is likely to have been accessed.
They also said that all donors, including those who donated less than £7,500 and therefore did not have to declare their donation to the Electoral Commission, are likely to have had their data breached.
A Labour spokesperson said: “We have been alerted by one of our suppliers, Blackbaud, that they have suffered a data breach.
“We have reported the matter to the [UK’s Information Commissioner’s Office] ICO and are working to establish further facts around this situation.
“We will take any action necessary in line with our statutory obligations.”
At least 125 other organisations have been affected by the breach, including universities and charities, the ICO revealed.
Other organisations that fell victim to the cyber attack include the National Trust, Breast Cancer Now, multiple Oxbridge colleges and Durham University.
A spokeswoman for the ICO said: “Blackbaud has reported a data breach incident which has potentially affected a large number of UK organisations using its services and we are making enquiries.”
“Organisations involved should be getting in touch with their customers to inform them if their personal data has been impacted.”
Blackbaud, a US cloud software supplier, said its systems were compromised with an as-yet unknown ransomwhereh.
The software company paid off its attackers, and has been assured from the cyber criminals that all the data compromised has been destroyed.
However, cyber security experts agree that such an assurance is worth very little.
The firm’s spokesperson said they believed the motivation behind the attack was business disruption rather than data theft, although it has hired a third-party team of experts to monitor the dark web as a precaution.
Blackbaud has said the data did not include bank account or payment card details.