Cyberattacks and data breaches via third-party vendors continue to become prevalent, affecting organizations’ critical data. Britain’s Labour Party recently announced that it had sustained a cyber incident via a third-party firm that handles its membership data. In an official release, the Party stated the security incident compromised its systems affecting its Party members, affiliated supporters, and other individuals who gave their data to the Party. However, the attack did not impact the Party’s data systems.
While the total number of members affected is unknown, the Labour Party stated, it has reported the incident to the National Crime Agency (NCA), National Cyber Security Centre (NCSC), and the Information Commissioner’s Office (ICO) to further investigate its nature, circumstances, and impact.
“On 29 October 2021, we were informed of the cyber incident by the third party. The third party told us that the incident had resulted in a significant quantity of Party data being rendered inaccessible on their systems,” the Party said.
Attackers could exploit the compromised information for various malicious activities. As a precautionary measure, the NCSC recommended security actions to defend against data misuse:
- Be vigilant against suspicious activity, including suspicious emails, phone calls, or text messages.
- If you have received an email that you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS) via [email protected].
- Implement two-factor authentication (2FA) where possible to protect your online accounts from unauthorized access
The statement from the Labour Party is unclear and did not include answers for most questions, including the number of impacted members, the type of data impacted, and if it was a ransomware attack.
“With incidents of this nature becoming increasingly common, it is more important than ever to remain vigilant against suspicious activity,” the Party added.
Cyberattacks on Political Parties
Cybersecurity incidents on political parties incur severe repercussions. Attackers could exploit the sensitive data of the parties to meddle in election campaigns and even influence voters. Earlier, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert for all political parties and operatives of critical infrastructure to look out for possible cyberattacks. In a broader light of keeping the organizations and businesses safe from state actors’ foul play, CISA has provided information on specific tactics, techniques, and procedures (TTPs) employed by them.