On 3 November 2021, the Labour Party told members, former members, registered and affiliated supporters, and other individuals that their details could have been exposed in a privacy violation.
Here’s what we were told about the breach at that time:
- A third party that handles data on behalf of the Labour Party was subject to a cyber incident.
- The incident resulted in a significant quantity of Party data being rendered inaccessible.
- The Labour Party was told about the breach on 29 October 2021.
- The Party launched an investigation to find out more about what happened.
- The incident was reported to the relevant authorities, including the National Crime Agency (NCA), the National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO).
- The Party’s own data systems were not affected by the incident.
- Those affected by the breach included members, registered and affiliated supporters, and other individuals who had provided their information to the Party.
The Labour Party said it was “doing everything within its power to investigate and address this incident”. However, a month has passed since the data breach, and to date, victims have not been provided with any more information about what happened, what personal data was exposed, and to whom.
What we do know is that political parties hold a wealth of information on members and non-members, and there are genuine concerns about what has been accessed, and what will now be done with it. At Keller Lenkner UK, we are making Data Subject Access Requests (DSARs) on behalf of people involved in this incident to find out exactly what data has been exposed.
Anyone who has provided their data to the Labour Party could be at risk
Those potentially affected by the breach have been offered advice to manage any potential risks. This includes being vigilant against suspicious activity and implementing two-factor authentication (2FA) where possible. However, that members and non-members have been put in this position in the first place is a serious data protection failure.
There are also questions to be answered about what information is being collected by the Labour Party, and how long it is holding it for. Some former Labour members who have contacted us about the breach want to know why their data was being held, despite them having left the Party years ago.
Can you make a Labour Party data breach compensation claim?
Many of those affected by the data privacy violation are considering legal action and Keller Lenkner UK is pursuing a no-win, no-fee group action to hold those responsible to account. Both members and non-members can register with us, and the first thing we will do is investigate exactly what data has been exposed.
Sign up with Keller Lenkner UK to discuss your case in confidence. Once done, we will keep you updated as developments unfold. There are no costs to register and no obligation to proceed.