Security News > 2021 > November > UK Labour Party discloses data breach after ransomware attack
The U.K. Labour Party notified members that some of their information was impacted in a data breach after a ransomware attack hit a supplier managing the party's data.
The data breach was announced in a data breach notification published on the party's website after informing relevant authorities about the incident.
"On 29 October 2021, we were informed of the cyber incident by the third party. The third party told us that the incident had resulted in a significant quantity of Party data being rendered inaccessible on their systems," the breach notice reads.
While the U.K. party did not disclose the nature of the incident, sources close to the investigation told Sky News that the attack involved ransomware being deployed on the third-party supplier's systems containing Labour Party data.
The Labour Party disclosed another data breach following a similar incident last year, in July, after leading cloud software provider Blackbaud and of the party's suppliers was hit by a ransomware attack in May 2020 and disclosed on July 16.
While the party said immediately after the breach that no sensitive data like bank account information, passwords, or usernames were exposed, Blackbaud's forensic investigation revealed that the threat actors had access to unencrypted banking info, credentials, and SSNs. "After July 16, further forensic investigation found that for some of the notified customers, the cybercriminal may have accessed some unencrypted fields intended for bank account information, social security numbers, usernames and/or passwords," Blackbaud said in an 8-K filing with the U.S. Securities and Exchange Commission.
News URL
Related news
- Bologna FC confirms data breach after RansomHub ransomware attack (source)
- Rhode Island confirms data breach after Brain Cipher ransomware attack (source)
- Interbank confirms data breach following failed extortion, data leak (source)
- LA housing authority confirms breach claimed by Cactus ransomware (source)
- City of Columbus: Data of 500,000 stolen in July ransomware attack (source)
- Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack (source)
- Canadian Suspect Arrested Over Snowflake Customer Breach and Extortion Attacks (source)
- How to Effectively Manage a Data Breach (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Halliburton reports $35 million loss after ransomware attack (source)