Major privacy breach rattles UK Labour Party

UK Labour privacy breach
The following report was received from a trusted source:

Hundreds, and possibly thousands, of people with links to the UK Labour Party have had their data privacy breached. 

Yet hardly any members of the media have covered this fact as a news story. 

“… many former members who resigned are baffled as to why the party was still holding their data at all.”

Victims do not yet know much about why and when this occurred. The party has not yet answered their queries about who was holding this data when systems were breached. Indeed, many former members who resigned are baffled as to why the party was still holding their data at all. One person spoken to resigned in mid 2020.

All the victims know is that their data was breached when a “third party” organisation suffered a cyber attack. They have not been told the actual date this occurred. 

The news was delivered to people affected in a “Private and Confidential” email from the Labour Party dated Wednesday 3 November 2021. It said a third party that handles data on their behalf had been the victim of a cyber attack. It said the party was made aware of the incident on 29 October 2021. The party’s own data systems were apparently unaffected by this breach.

The incident must have been recognised as the serious incident it was because it was immediately reported to the relevant authorities, including the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO). 

“It has certainly become clear since 3 November that current and past members were victims, as were some trade union affiliates. But how it was that only some people were affected and others were not is still a mystery.”

The party said the data included information provided by its members, registered and affiliated supporters, and other individuals who have provided their information to the party. It has certainly become clear since 3 November that current and past members were victims, as were some trade union affiliates. But how it was that only some people were affected and others were not is still a mystery. For example, how come some former members who resigned were sent the email but others were not? It begs the question as to exactly what kind of list was affected?

The party say investigations are ongoing. Some victims are threatening to sue either individually or as a class action. Others have contacted the Information Commissioner and news organisations. 

“One hopes Labour Party leader Keir Starmer will not again try to blame others. He is at the helm and must take responsibility for the ship he is supposed to be steering.”

Many are asking whether people who were expelled from the party over recent months were victims. If so, why was their data still being kept on file? This is surely completely out of order. It is grossly disrespectful. It makes kangaroo courts look even less legitimate.

At the very least the matter suggests incompetence and poor corporate governance. Whether this is a historic failure of computer systems development or recent is irrelevant. One hopes Labour Party leader Keir Starmer will not again try to blame others. He is at the helm and must take responsibility for the ship he is supposed to be steering.

The original email suggested queries be sent to an email address at the party’s headquarters. No one spoken to during collation of information for this article had as yet had any reply to their queries.

Print Friendly, PDF & Email