fbpx

A quick guide to the Labour Party data breach

Labour Party Data Breach
Facebook
Twitter
LinkedIn

In November 2021, the Labour Party confessed to a membership database breach. In this quick guide, our expert data protection solicitors explain what happened in the Labour Party data breach, how members and former members are impacted, and what they should do to stay safe.

The Labour Party data breach was caused by cybercriminals

The Labour Party data breach happened after criminals accessed the systems of Tangent, a private contractor that managed Labour’s member system. The criminals held the data hostage in a ransomware attack, but Tangent refused to pay the ransom, so the criminals behind the attack corrupted the database, making the data loss permanent.

Labour party members must be vigilant following the data breach

Labour party members affected by the breach have been informed, and they have been offered advice to manage any potential risks. This includes being vigilant against suspicious activity and implementing two-factor authentication (2FA) where possible. However, that Labour members have been put in this position in the first place is a serious failure.

It’s not just members affected by the Labour party data breach

The data breach affects more than just Labour party members. Since the hack, many people have taken to social media, including Twitter, to ask why their data was held by the party. In particular, many former members have received notification that their data has been compromised, despite leaving the party, sometimes years ago.

Thousands of members, former members, registered and affiliated supporters could have had their confidential information stolen by cybercriminals.

The Labour Party has not told victims what data has been accessed

In Labour’s notification letter, it was not clear what data had been exposed.  And, despite months passing since the privacy violation was made public, the Labour Party is refusing to tell members what data has been exposed.

Whether Labour is failing to cooperate because it does not know what data was compromised, or it simply doesn’t want to tell victims, it is putting its membership at increased risk of fraud, scams, and emotional distress. This is unacceptable and unforgivable. Following a data breach, criminals often use stolen data to carry out phishing and other forms of scams against those affected. By refusing to provide further information on this breach, Labour is making it impossible for the very people who support the Party to protect themselves.

What we do know is that political parties hold a wealth of information on members and non-members, and there are genuine concerns about what has been accessed, and what will now be done with it. At Keller Postman UK, we are making Data Subject Access Requests (DSARs) on behalf of people involved in this incident to find out exactly what data has been exposed.

Protect yourself following the Labour Party data breach

At Keller Postman UK, our data protection solicitors have provided some helpful tips on how to protect yourself following a data breach or cybercrime. Get our tips here.

"The Labour Party data breach happened months ago, so it is concerning that the question of what was stolen still hasn't been answered. When appointing a third party to manage its data, Labour was responsible for ensuring that it would be processed and protected in line with UK data protection laws, and routinely and securely backed up. This doesn't seem to have happened.

"Indeed, our early investigations, combined with the Party's refusal to be accountable and honest following the hack, suggests that Labour's data protection processes are nothing short of shambolic.

"It is well established that, following a data breach, criminals often use stolen data to carry out phishing and other forms of scams against those affected. By not telling members what data has been exposed, Labour makes it incredibly difficult for the very people who support it to protect themselves.

"We are making Data Subject Access Requests (DSARs) on behalf of those involved in this incident to find out exactly what data was exposed. We are ready to take this matter to the ICO if Labour does not honour these requests".

Kingsley Hayes, Head of Data & Privacy Litigation, Keller Postman UK

Is our democracy at risk?

Controversial data analytics firm Cambridge Analytica improperly used personal data harvested from millions of Facebook users to subvert the democratic process in the US and the UK. And should criminals with a political agenda decide to use the Labour Party data for their own ends, the consequences could be devastating.

The Electoral Commission, the ICO, a Department for Digital, Culture, Media & Sport committee, and The Institute of Practitioners in Advertising have all raised concerns about using data to micro-target specific voters. According to an ICO report:

“Citizens can only make truly informed choices about who to vote for if they are sure that those decisions have not been unduly influenced.

“The invisible, ‘behind the scenes’ use of personal data to target political messages to individuals must be transparent and lawful if we are to preserve the integrity of our election process.

“We may never know whether individuals were unknowingly influenced to vote a certain way in either the UK EU referendum or the in US election campaigns. But we do know that personal privacy rights have been compromised by a number of players and that the digital electoral ecosystem needs reform.”

Make a Labour Party data breach compensation claim

At Keller Postman UK, we are helping victims affected by this data protection failure to claim compensation for the breach of their data, and any subsequent GDPR failures.

Championing the data protection rights of those involved, we are now in discussions with the ICO to force Labour to take this matter seriously.  We also represent many former members who want to know why their data was being held by Labour, despite them having left the Party years ago as this is a breach of the GDPR. 

Both members and non-members can register to join our no-win, no-fee action. We also encourage anyone who has encountered anything suspicious that they believe is related to the data breach – for example, any phishing attacks – to register with us and tell us about their experience.

Sign up with Keller Postman UK to discuss your case in confidence.

Contact Keller Postman to discuss a data breach claim.

Share this article: