UK Labour Party Pwned…. Data Swiped

The Labour Party in the UK has disclosed a “cyber incident” and that a “significant quantity of Party data” had been rendered inaccessible.

Or put another way, they were pwned by hackers who stole data.

The attack stemmed from a third-party affiliate which handles data on the Party’s behalf. The information stolen includes “information provided to the Party by its members, registered and affiliated supporters, and other individuals who have provided their information to the party”, this includes previous Party members, who have raised questions about why the Party has kept hold of their details. Take this Tweet for example:

The DPA is the Data Protection Act. While it’s not the GDPR, it isn’t trivial when it comes to dishing out penalties for this sort of thing.

Yan Michalevsky, CTO and Cofounder, Anjuna Security had this to say:

“Most data, unfortunately, is fundamentally naked and afraid. Once a bad actor has gotten past the castle gates, there is no defense. Data, for now, can’t protect itself.”

“Attackers can obtain privileged access to systems by means of zero-days acquired at the black market. Security technologies such as Confidential Computing can help protect data even in light of previously unknown privilege escalation techniques.”

Seeing as this is not the first time that the Labour Party has been pwned, they may want to do a significant re-think about their cyber defences.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: