The Labour Party is refusing to co-operate over data breach

Labour Party Data Breach

Last year, criminals accessed the Labour Party’s membership database in a ‘ransomware‘ hack. Because of this incident, members, former members, registered and affiliated supporters could have had their confidential information stolen by cybercriminals. 

Since the hack, many current and former Labour Party members appointed Keller Postman UK to establish what data was compromised. This information is needed to help those affected take steps to protect themselves. 

Despite two months passing since the privacy violation was made public, the Labour Party is refusing to cooperate. As such, we are nowhere near understanding what data was accessed. This is a shocking data protection failure. 

What do we know about the Labour Party data breach?

Despite getting no response from the Labour Party, we do know that Labour outsourced the data management of its member system to Tangent, a private contractor. Tangent subsequently became the victim of a ransomware attack which rendered a significant quantity of Party data inaccessible. According to media reports, Tangent refused to pay the ransom, so the criminals behind the attack corrupted the database, making the data loss permanent. 

The sensitive data of hundreds of thousands of members and former members is a severe privacy failure. The National Crime Agency is involved, and the Party could be fined millions of pounds by the ICO (the UK’s data protection regulator). However, this money would go to HM Treasury, not victims.

Causing considerable levels of anguish and anxiety, Labour is now refusing to help those affected by telling them what data was stolen. Whether Labour is failing to cooperate because it does not know what data was compromised, or it simply doesn’t want to tell victims, it is putting its membership at increased risk of fraud, scams, and emotional distress. This is unacceptable and unforgivable. 

What are we doing to help victims of the data breach?

At Keller Postman UK, we are helping victims affected by this data protection failure to claim compensation. We attempted to open discussions with the Labour Party to discover what information was stolen as part of this process. To date – and in breach of its data protection obligations – Labour has refused to respond to any requests for information. Championing the data protection rights of those involved, we are now in discussions with the ICO to force Labour to take this matter seriously.  

We also represent many former members who want to know why their data was being held by Labour, despite them having left the Party years ago as this is a breach of the GDPR. 

Commenting on this matter, Kingsley Hayes, Head of Data Breach at Keller Postman UK, said: 

“The Labour Party data breach happened months ago, so it is concerning that the question of what was stolen still hasn’t been answered. When appointing a third party to manage its data, Labour was responsible for ensuring that it would be processed and protected in line with UK data protection laws, and routinely and securely backed up. This doesn’t seem to have happened. 

 “Indeed, our early investigations, combined with the Party’s refusal to be accountable and honest following the hack, suggests that Labour’s data protection processes are nothing short of shambolic.

 “It is well established that, following a data breach, criminals often use stolen data to carry out phishing and other forms of scams against those affected. By not telling members what data has been exposed, Labour makes it incredibly difficult for the very people who support it to protect themselves.

“We are making Data Subject Access Requests (DSARs) on behalf of those involved in this incident to find out exactly what data was exposed. We are ready to take this matter to the ICO if Labour does not honour these requests”. 

Can you make a Labour Party data breach compensation claim?

Keller Postman UK is pursuing a no-win, no-fee group action to hold the Labour Party to account. Both members and non-members can register with us. We also encourage anyone who has encountered anything suspicious that they believe is related to the data breach – for example, any phishing attacks – to register with us and tell us about their experience.

Sign up with Keller Postman UK to discuss your case in confidence. Once done, we will keep you updated as developments unfold. There are no costs to register and no obligation to proceed.

Contact Keller Postman to discuss a data breach claim.

Share this article: