Security News > 2021 > November > UK Labour Party discloses data breach after ransomware attack

The U.K. Labour Party notified members that some of their information was impacted in a data breach after a ransomware attack hit a supplier managing the party's data.

The data breach was announced in a data breach notification published on the party's website after informing relevant authorities about the incident.

"On 29 October 2021, we were informed of the cyber incident by the third party. The third party told us that the incident had resulted in a significant quantity of Party data being rendered inaccessible on their systems," the breach notice reads.

While the U.K. party did not disclose the nature of the incident, sources close to the investigation told Sky News that the attack involved ransomware being deployed on the third-party supplier's systems containing Labour Party data.

The Labour Party disclosed another data breach following a similar incident last year, in July, after leading cloud software provider Blackbaud and of the party's suppliers was hit by a ransomware attack in May 2020 and disclosed on July 16.

While the party said immediately after the breach that no sensitive data like bank account information, passwords, or usernames were exposed, Blackbaud's forensic investigation revealed that the threat actors had access to unencrypted banking info, credentials, and SSNs. "After July 16, further forensic investigation found that for some of the notified customers, the cybercriminal may have accessed some unencrypted fields intended for bank account information, social security numbers, usernames and/or passwords," Blackbaud said in an 8-K filing with the U.S. Securities and Exchange Commission.

News URL

https://www.bleepingcomputer.com/news/security/uk-labour-party-discloses-data-breach-after-ransomware-attack/