The Labour Party in the UK has disclosed a “cyber incident” and that a “significant quantity of Party data” had been rendered inaccessible.
Or put another way, they were pwned by hackers who stole data.
The attack stemmed from a third-party affiliate which handles data on the Party’s behalf. The information stolen includes “information provided to the Party by its members, registered and affiliated supporters, and other individuals who have provided their information to the party”, this includes previous Party members, who have raised questions about why the Party has kept hold of their details. Take this Tweet for example:
The DPA is the Data Protection Act. While it’s not the GDPR, it isn’t trivial when it comes to dishing out penalties for this sort of thing.
Yan Michalevsky, CTO and Cofounder, Anjuna Security had this to say:
“Most data, unfortunately, is fundamentally naked and afraid. Once a bad actor has gotten past the castle gates, there is no defense. Data, for now, can’t protect itself.”
“Attackers can obtain privileged access to systems by means of zero-days acquired at the black market. Security technologies such as Confidential Computing can help protect data even in light of previously unknown privilege escalation techniques.”
Seeing as this is not the first time that the Labour Party has been pwned, they may want to do a significant re-think about their cyber defences.
Like this:
Like Loading...
Related
This entry was posted on November 4, 2021 at 1:47 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
UK Labour Party Pwned…. Data Swiped
The Labour Party in the UK has disclosed a “cyber incident” and that a “significant quantity of Party data” had been rendered inaccessible.
Or put another way, they were pwned by hackers who stole data.
The attack stemmed from a third-party affiliate which handles data on the Party’s behalf. The information stolen includes “information provided to the Party by its members, registered and affiliated supporters, and other individuals who have provided their information to the party”, this includes previous Party members, who have raised questions about why the Party has kept hold of their details. Take this Tweet for example:
The DPA is the Data Protection Act. While it’s not the GDPR, it isn’t trivial when it comes to dishing out penalties for this sort of thing.
Yan Michalevsky, CTO and Cofounder, Anjuna Security had this to say:
“Most data, unfortunately, is fundamentally naked and afraid. Once a bad actor has gotten past the castle gates, there is no defense. Data, for now, can’t protect itself.”
“Attackers can obtain privileged access to systems by means of zero-days acquired at the black market. Security technologies such as Confidential Computing can help protect data even in light of previously unknown privilege escalation techniques.”
Seeing as this is not the first time that the Labour Party has been pwned, they may want to do a significant re-think about their cyber defences.
Share this:
Like this:
Related
This entry was posted on November 4, 2021 at 1:47 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.