In November 2021, the Labour Party confessed to a membership database breach. In this quick guide, our expert data protection solicitors explain what happened in the Labour Party data breach, how members and former members are impacted, and what they should do to stay safe.
The Labour Party data breach was caused by cybercriminals
The Labour Party data breach happened after criminals accessed the systems of Tangent, a private contractor that managed Labour’s member system. The criminals held the data hostage in a ransomware attack, but Tangent refused to pay the ransom, so the criminals behind the attack corrupted the database, making the data loss permanent.
Labour party members must be vigilant following the data breach
Labour party members affected by the breach have been informed, and they have been offered advice to manage any potential risks. This includes being vigilant against suspicious activity and implementing two-factor authentication (2FA) where possible. However, that Labour members have been put in this position in the first place is a serious failure.
It’s not just members affected by the Labour party data breach
The data breach affects more than just Labour party members. Since the hack, many people have taken to social media, including Twitter, to ask why their data was held by the party. In particular, many former members have received notification that their data has been compromised, despite leaving the party, sometimes years ago.
Thousands of members, former members, registered and affiliated supporters could have had their confidential information stolen by cybercriminals.
The Labour Party has not told victims what data has been accessed
In Labour’s notification letter, it was not clear what data had been exposed. And, despite months passing since the privacy violation was made public, the Labour Party is refusing to tell members what data has been exposed.
Whether Labour is failing to cooperate because it does not know what data was compromised, or it simply doesn’t want to tell victims, it is putting its membership at increased risk of fraud, scams, and emotional distress. This is unacceptable and unforgivable. Following a data breach, criminals often use stolen data to carry out phishing and other forms of scams against those affected. By refusing to provide further information on this breach, Labour is making it impossible for the very people who support the Party to protect themselves.
What we do know is that political parties hold a wealth of information on members and non-members, and there are genuine concerns about what has been accessed, and what will now be done with it. At Keller Postman UK, we are making Data Subject Access Requests (DSARs) on behalf of people involved in this incident to find out exactly what data has been exposed.
Protect yourself following the Labour Party data breach
At Keller Postman UK, our data protection solicitors have provided some helpful tips on how to protect yourself following a data breach or cybercrime. Get our tips here.
Is our democracy at risk?
Controversial data analytics firm Cambridge Analytica improperly used personal data harvested from millions of Facebook users to subvert the democratic process in the US and the UK. And should criminals with a political agenda decide to use the Labour Party data for their own ends, the consequences could be devastating.
The Electoral Commission, the ICO, a Department for Digital, Culture, Media & Sport committee, and The Institute of Practitioners in Advertising have all raised concerns about using data to micro-target specific voters. According to an ICO report:
Make a Labour Party data breach compensation claim
At Keller Postman UK, we are helping victims affected by this data protection failure to claim compensation for the breach of their data, and any subsequent GDPR failures.
Championing the data protection rights of those involved, we are now in discussions with the ICO to force Labour to take this matter seriously. We also represent many former members who want to know why their data was being held by Labour, despite them having left the Party years ago as this is a breach of the GDPR.
Both members and non-members can register to join our no-win, no-fee action. We also encourage anyone who has encountered anything suspicious that they believe is related to the data breach – for example, any phishing attacks – to register with us and tell us about their experience.
Sign up with Keller Postman UK to discuss your case in confidence.