Labour members have been emailed by the party this afternoon with the worrying news that they have been “the victim of a sophisticated ransomware attack, which occurred earlier this year.” Cybercriminals successfully stole data on Labour members and donors from software company and Labour Party supplier Blackbaud. The party today confirmed that the stolen data included:
Blackbaud has told the Labour Party that they have paid a ransom demanded by the hackers, and “have received assurances that the data was destroyed as a result.” The Tories did warn Labour were a threat to the nation’s security…
Read the email in full below:
Important message from the Labour Party.
Blackbaud data breach
You may have heard that one of our suppliers, Blackbaud, has suffered a data breach. The Labour Party takes its responsibilities regarding data security very seriously and this notice is intended to provide further information about this situation.
Blackbaud have notified the Labour Party that they have been the victim of a sophisticated ransomware attack, which occurred earlier this year. During this time, a historic backup file containing personal information was stolen by a cybercriminal. It is important to immediately note that no sensitive information, such as bank account information, passwords or usernames, was taken. Blackbaud have also confirmed that they have paid the ransom demanded by the cybercriminal and have received assurances that the data was destroyed as a result.
Blackbaud have confirmed to us that the following personal data was affected:
- Email addresses
- Telephone numbers
- Amounts donated to the Labour Party
We have been assured by Blackbaud that their security experts have fully investigated the attack and are in constant contact with the Information Commissioner’s Office (“ICO”) about the situation.
Actions the Labour Party has taken
The Labour Party has launched its own investigation and is working closely with Blackbaud, as well as our Governance, Legal, Data Protection and IT teams to gather more information about the breach. We will take any measures necessary to protect your data, and in line with our data protection obligations, we have also notified the ICO about this breach.
What you need to do
While there is no action you need to take at this time, if you do become aware of any suspicious activity or suspected identity theft, you should notify the proper law enforcement authorities.
If you have any questions in relation to this notice, you can call 0345[—].
We very much regret the concern or inconvenience caused as a result of this news.
The Labour Party