Labour Party suffers data breach exposing members’ private data
The Labour Party has experienced a significant data breach after a third party responsible for handling membership data on their behalf was subject to a cyber incident.
As a result of the incident, a significant quantity of members’ data was rendered inaccessible on the party’s systems.
At this stage, the Labour Party has not released any further details regarding the exact nature of the incident and how it occurred. It is also unclear exactly what information was exposed in the breach.
The Labour Party have simply stated that the data includes information provided to the Party by its members, registered and affiliated supporters, and other individuals.
Richard Forrest, Legal Director at specialist data breach legal experts Hayes Connor, which is helping some Labour members potentially affected by the breach, said: “This is a real worry for everyone who has contacted us so far. The most important thing the Labour party has to do – immediately – is to let those who have been affected know exactly what has happened. What data has been breached? Is it financial? What steps have been taken to protect any other information?
“People need to know. If it is financial information, then they need to be able to take steps to protect their bank accounts. If it is other personal information, then they need to know so they can take the necessary steps to protect themselves.
“Data breaches are a very emotional thing for those affected. We see all the time the impact it has on people and at the moment, Labour members have precious little information. That just increases the worry and anxiety, unnecessarily.
“Added to that, party affiliation is a special category of data under GDPR and rightly so. People have a right to keep their political affiliations to themselves if they wish to do so. It will be of real concern to some members that people may find out that they are party members when they have deliberately decided not to make that public. Everyone has a right to privacy.”
The Labour Party has claimed that it is working closely with the unnamed third party to understand the full nature of the incident, though it is not clear exactly what this entails.
The National Crime Agency (NCA), National Cyber Security (NCSC) and the Information Commissioner’s Office (ICO) have all been notified.
If you have been contacted by the Labour Party to inform you that your data was exposed in the breach, or you have reason to believe that this is the case, you will likely have grounds to claim compensation.
The team at Hayes Connor are ready to advise and support anyone who has been affected by the Labour Party data breach. To find out more about how you can make a claim, please get in touch.