In the UK, the Labour Party reports that a ransomware attack led to a disruptive data breach, which may have affected information belonging to members of the party. After relevant legal authorities received information about the breach, the data breach was made public via the Labour Party’s website.
Early information indicates that the ransomware was deployed on a third-party supplier’s systems, which contained Labour Party data. As the BBC reports, it’s likely that “someone, somewhere is demanding a ransom in exchange for safe return of the database they [hackers] have taken control of.”
Says the breach notice on the Labour Party’s website, “On 29 October 2021, we were informed of the cyber incident by the third party. The third party told us that the incident had resulted in a significant quantity of Party data being rendered inaccessible on their systems.”
Breach due to ransomware
At present, the incident remains under investigation by federal agencies, including the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC). The complete scope and impact of the breach have yet to be determined.
Labour Party members have recently received information pertaining to suspicious emails, phone calls, text messages and more. In addition, Party members have been advised to enable two-factor authentication (2FA) on personal accounts, where feasible.
Did the breach affect all Labour Party members across the UK?
Many questions remain unanswered. The precise type of data exposed or stolen remains unknown. It’s unclear as to whether or not the data contains personal financial information. Could this data breach mean that party members will be targeted with new social engineering scams?
The Labour Party reports that it is “working closely and on an urgent basis” with an IT firm in order to gain better visibility into the attack.
The 2020 Labour Party breach
In July of 2020, the Labour Party disclosed another data breach, which occurred after a cloud software provider experienced a ransomware attack. This breach compromised personal information belonging to Labour Party members, including email addresses, phone numbers and amounts donated to campaigns.
While initial reports stated that information pertaining to bank accounts, passwords and usernames was not exposed, forensic investigators ultimately discovered that threat actors had access to unencrypted banking details and social security numbers.
Organizations affected by this breach included charities, non-profits, and universities across the United Kingdom, the United States, Canada and the Netherlands.
The NCA is leading the criminal investigation into this high-profile incident. While Labour’s own data systems were unaffected, a significant quantity of Labour-owned data remains inaccessible. Further, information compromise could potentially lead to negative outcomes for party supporters.
Several weeks ago, The Guardian reported that Labour is devoting a significant quantity of its cash to litigation interests. In 2020, the Party spent more than £2m in legal fees. Will this ransomware-based breach result in additional legal and financial trouble?
For more information about the latest ransomware threats, see Cyber Talk’s past coverage. Also, discover new cyber security and business insights in CyberTalk.org’s newsletter. Sign up here.