Official statement from the Labour Party
Notification of data incident: We wish to inform you that a third party that handles data on our behalf has been subject to a cyber incident.
While the Party’s investigation remains ongoing, we wanted to make you aware of this incident and the measures which we have taken in response. We have also provided details of precautionary steps you may consider taking to help protect yourself.
What happened: On 29 October 2021, we were informed of the cyber incident by the third party. The third party told us that the incident had resulted in a significant quantity of Party data being rendered inaccessible on their systems. As soon as the Party was notified of these matters, we engaged third-party experts and the incident was immediately reported to the relevant authorities, including the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO). The Party continues to work closely with each of these authorities. The Party is also working closely and on an urgent basis with the third party in order to understand the full nature, circumstances and impact of the incident. The Party’s own data systems were unaffected by this incident.
What information was involved: We understand that the data includes information provided to the Party by its members, registered and affiliated supporters, and other individuals who have provided their information to the Party. The full scope and impact of the incident is being urgently investigated.
What is the Labour Party doing: The Party takes the security of all personal information for which it is responsible very seriously. It is doing everything within its power to investigate and address this incident in close liaison with law enforcement, the Information Commissioner’s Office and the affected third party.