UK Labour Party Compromised Through Third-Party Breach

Edward Kost
Edward Kost
November 8, 2021

The UK Labour Party has been impacted by a data breach for the second time in a year. 

Instead of targeting the Labour Party directly, cyber attackers comprised a third-party vendor with access to the party’s sensitive member data - a type of cyber attack known as a third-party breach.

According to the Labour Party’s official breach statement, on the 29th of October, the party’s third-party provider lost access to a significant portion of member data following a cyber incident.

“The third party told us that the incident had resulted in a significant quantity of Party data being rendered inaccessible on their systems.” The UK Labour Party said in its statement.

This style of attack is characteristic of a ransomware attack, where a victim’s critical internal processes are taken hostage and only released if a ransom is paid.

Sources familiar with the incident told SkyNews that the incident was indeed a Ransomware attack, but this is yet to be confirmed.

The depth of data compromise is still unclear, but it has damaging potential.

The compromised third party, which at this stage is unidentified, had access to the financial information of paying members; and even former party members received a notification that their data may have been compromised.

This could out the UK Labour Party for storing member data longer than required - behavior that’s contrary to the UK GDPR’s data retention guidelines.

Last year, the Labour Party’s third-party vendor, BlackBaud, also fell victim to a ransomware attack. If this event, like the BlackBaud event, proves not to be politically motivated, 

its an indication of the critical prevalence of both ransomware attacks and the vulnerabilities that make them possible.

How secure is The UK Labour Party?

The UK Labour Party is a political party in the United Kingdom.
  • Check icon
    View our free preliminary report on The UK Labour Party’s security posture
  • Check icon
    13 risk factors, including email security, SSL, DNS health, open ports and common vulnerabilities
Security ratings
Abstract shape
Deliver icon

Sign up for our newsletter

Stay up-to-date on everything UpGuard with our monthly newsletter, full of product updates, company highlights, free cybersecurity resources, and more.
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

Protect your organization

Get in touch or book a free demo.
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Website Security scan resultsWebsite Security scan rating