A company that handles the membership data of Britain’s Labour Party has been affected by a “cyber-incident.”
Labour said that the event at the third-party firm has rendered “a significant quantity” of party data “inaccessible on their systems.”
The incident has been reported to the UK’s National Cyber Security Centre (NCSC), National Crime Agency (NCA), and the Information Commissioner’s Office (ICO), which are investigating what transpired.
Data impacted by the incident includes information provided to the Labour Party by its “members, registered and affiliated supporters, and other individuals,” according to a statement by the opposition party.
Labour said that they were informed of the cyber-incident by the third party on October 29. They did not reveal the name of the company.
“The third party told us that the incident had resulted in a significant quantity of Party data being rendered inaccessible on their systems,” said Labour in a data incident notification.
“As soon as the Party was notified of these matters, we engaged third-party experts and the incident was immediately reported to the relevant authorities, including the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO).”
Labour said its new data systems were not affected by the incident; the full scope of which is still being investigated.
“The Party is also working closely and on an urgent basis with the third party in order to understand the full nature, circumstances and impact of the incident,” said Labour.
A spokesman for the NCSC said: “We are aware of this issue and are working with the Labour Party to fully investigate and mitigate any potential impact.
“We would urge anyone who thinks they may have been the victim of a data breach to be especially vigilant against suspicious emails, phone calls or text messages and to follow the steps set out in our data breaches guidance.”
Labour advised its members to be vigilant against suspicious activity, including suspicious emails, phone calls or text messages, and to forward suspicious emails to email@example.com.