Notification of data incident

 

Notification of data incident

Wednesday 3 November 2021

Dear Sir / Madam,

We are writing to you to let you know that a third party that handles data on our behalf has been subject to a cyber incident. While the Party’s investigation remains ongoing, we wanted to make you aware of this incident and the measures which we have taken in response. We have also provided details of precautionary steps you may consider taking to help protect yourself.

What happened?

On 29 October 2021, we were informed of the cyber incident by the third party. The third party told us that the incident had resulted in a significant quantity of Party data being rendered inaccessible on their systems. As soon as the Party was notified of these matters, we engaged third-party experts and the incident was immediately reported to the relevant authorities, including the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO). The Party continues to work closely with each of these authorities. The Party is also working closely and on an urgent basis with the third party in order to understand the full nature, circumstances and impact of the incident. The Party’s own data systems were unaffected by this incident.

What information was involved?

We understand that the data includes information provided to the Party by its members, registered and affiliated supporters, and other individuals who have provided their information to the Party. The full scope and impact of the incident is being urgently investigated.

What are the Labour Party doing?

The Party takes the security of all personal information for which it is responsible very seriously. It is doing everything within its power to investigate and address this incident in close liaison with law enforcement, the Information Commissioner’s Office and the affected third party.

What you can do

With incidents of this nature becoming increasingly common, it is more important than ever to remain vigilant against suspicious activity. As an immediate precaution, and in line with National Cyber Security Centre guidance, we recommend you take the following steps to protect yourself:

Be especially vigilant against suspicious activity, including suspicious emails, phone calls or text messages. The National Cyber Security Centre has published advice regarding suspicious emails on its website: https://ncsc.gov.uk/guidance/suspicious-email-actions 

If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS) via report@phishing.gov.uk.

You can also implement two-factor authentication (2FA) where possible to protect your online accounts from unauthorised access as described in the following publication on the National Cyber Security Centre’s website: https://www.ncsc.gov.uk/guidance/setting-two-factor-authentication-2fa

Additional guidance about what to watch out for online can be found here: https://www.ncsc.gov.uk/guidance/data-breaches

For more information

If you have any questions or queries in relation to this incident, please direct them to privacy@labour.org.uk. We will also provide updates on our website in respect of this incident in line with guidance received from relevant law enforcement authorities.

Kind regards,

The Labour Party