Labour Party Data Incident

[Tesla73]

Anyone else alarmed by this especially when we know what Labour are like in terms of wrong think etc (remember Lily Madigans gleeful tweet about having access to everyones lovely data)

"We are writing to you to let you know that a third party that handles data on our behalf has been subject to a cyber incident. While the Party’s investigation remains ongoing, we wanted to make you aware of this incident and the measures which we have taken in response. We have also provided details of precautionary steps you may consider taking to help protect yourself.

What happened?

On 29 October 2021, we were informed of the cyber incident by the third party. The third party told us that the incident had resulted in a significant quantity of Party data being rendered inaccessible on their systems. As soon as the Party was notified of these matters, we engaged third-party experts and the incident was immediately reported to the relevant authorities, including the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO). The Party continues to work closely with each of these authorities. The Party is also working closely and on an urgent basis with the third party in order to understand the full nature, circumstances and impact of the incident. The Party’s own data systems were unaffected by this incident.

What information was involved?

We understand that the data includes information provided to the Party by its members, registered and affiliated supporters, and other individuals who have provided their information to the Party. The full scope and impact of the incident is being urgently investigated.

What are the Labour Party doing?

The Party takes the security of all personal information for which it is responsible very seriously. It is doing everything within its power to investigate and address this incident in close liaison with law enforcement, the Information Commissioner’s Office and the affected third party.

What you can do

With incidents of this nature becoming increasingly common, it is more important than ever to remain vigilant against suspicious activity. As an immediate precaution, and in line with National Cyber Security Centre guidance, we recommend you take the following steps to protect yourself:

Be especially vigilant against suspicious activity, including suspicious emails, phone calls or text messages. The National Cyber Security Centre has published advice regarding suspicious emails on its website: ncsc.gov.uk/guidance/suspicious-email-actions
If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS) via [email protected].
You can also implement two-factor authentication (2FA) where possible to protect your online accounts from unauthorised access as described in the following publication on the National Cyber Security Centre’s website: www.ncsc.gov.uk/guidance/setting-two-factor-authentication-2fa
Additional guidance about what to watch out for online can be found here: www.ncsc.gov.uk/guidance/data-breaches"

The worrying thing for me is that i left the Labour Party years ago because of their betrayal of women yet this suggests to me that my details are still on their system.

I was still getting the meeting minutes from my local party and I emailed the leader of the local party asking why they still had my details but he didnt even acknowledge my email. The emails did stop though and I gave it no more thought but now I get this email to both my personal email and my work one.

I received this email, also having left the LP some time ago. I wondered the same re them still holding my data.

Btw I also had to specifically ask to be removed from the mailing list of my local branch after I'd left so I wonder how common this is. Presumably this is down to lack of communication between the central party database and Colin (or whoever) who's in charge of sending emails about barbecues for local members. It suggests a somewhat amateurish approach to data handling!

I did the same - ticked all the boxes to remove me from mailing lists etc but still I'd get the local partys AGM agenda and minutes

Very amateurish for such a "professional" party

I had assumed that I got the email because I only left the fold comparatively recently (two months ago), but your comments would suggest otherwise.

Yes- I think I left around 5 years ago.

(Btw the OP has got me wondering - whatever did happen to LM? That individual seems to have vanished! Were they quietly dropped?)

I finally left the party a couple of weeks ago. Received this email.
Have spent over a year attempting to stop the sending me emails etc and have repeatedly set my contact preferences but was still receiving hyper local emails pretty much weekly.
Sick of this.

Can you be bothered to complain to the ICO? They have obviously breached the gdpr principle of storage limitation, kept your data for longer than necessary and this breach has now put you at risk.

There used to be a group called Labour against transphobia, lily madigan (of having access to everyones lovely data fame) was part of that group. They compiled a list of women guilty of wrong think with the intention of getting them thrown out of the party.

mobile.twitter.com/sargesalute/status/955087252694224898

MPs were also allegedly part of the group mobile.twitter.com/msjenniferjames/status/1039477348020539392

I've seen several of my friends on Facebook complaining about this - left the LP months/years ago and it seems their details have been held. They're not pleased.

I'm also concerned as I left the LP years ago and have now received this message. I am going to see if I can easily report it to the ICO

I'm on a live chat on ICO website now asking what I should do - will report back!

I think LM had to take his fragrant self out of the Labour limelight when several allegations of gaslighting and sexual coercion came to light? Can't recall details, but from what I do remember he could have been a textbook case for Angela Wild's survey/BBC article on the subject.

I mourn the loss of such a stalwart champion of women's right's in the Labour Party. Absolutely breaks my heart to think of such an insightful leader in the making, now so tragically lost to us..

I think complaints to the ICO is the way to go, pro tem. The OP can bundle them up as related complaints perhaps?

This may affect a much bigger pool that Party members.

We understand that the data includes information provided to the Party by its members, registered and affiliated supporters, and other individuals who have provided their information to the Party.

So potentially union members, anyone who has ever filled in a local survey by a Labour councillor, signed a petition started by a Labour councillor ... based on my knowledge of how local Lib Dems operate, they bloody love personal data and frequently breach GDPR and don't care a jot.

Given the frequent threats against women, the boasting on Twitter of list compilations and so many lunatic councillors in the mix, this is really concerning.

"Make a formal complaint to the organisation in writing, and give it one calendar month to respond. If, after that period, you have not heard anything please feel free to get back in touch with us and we will see where you need to go then at that point. It may be the case that you will need to raise the issue with us at the ICO."

ihavespoken - look forward to your update

I'm considering reporting it too

Not OP, the ICO!

Also received this message having left the party a while ago - not best pleased.

Sorry - meant to say this was the advice:
Need to formally raise it with Labour Party first and then resort to ICO after a month.
I am happy to add to a bundled complaint to Labour Party if anyone wants to organise it! However, the website says they only take complaints via their online form here so I am not sure how that would work.
labour.org.uk/complaints/making-a-complaint/

The form was quite easy to fill in. Have set reminder for 1 month to see if it should then be escalated!

I’m concerned as it doesn’t particularly mention which data. I thought they were supposed to specify, for example name and email, name and address. By not specifying it makes me believe that all data (including banking data) has been breached.

I also got this and left a few years ago and told them in an email why. I’m worried about TRA’s having access to my data. Even after I left I kept getting emails and texts from the LP and Momentum…all stopped after a stern email eventually. But this really unsettled me.

Does this only involve ex members? Is their data held less securely?

No, it involves current members too.

@ihavespoken

Sorry - meant to say this was the advice: Need to formally raise it with Labour Party first and then resort to ICO after a month. I am happy to add to a bundled complaint to Labour Party if anyone wants to organise it! However, the website says they only take complaints via their online form here so I am not sure how that would work. labour.org.uk/complaints/making-a-complaint/

The form was quite easy to fill in. Have set reminder for 1 month to see if it should then be escalated!

Thanks for this. I'm feeling pretty pissed off by this whole thing. I couldn't be bothered at first but I am going to write and complain on second thoughts.

Have submitted my complaint and whilst doing it it reminded me that I have filled this form in before in regards to the local party still sending me emails and I never heard back from them on it.

Had an acknowledgment email then silence

In the same position as OP and I'll complain too.

other individuals who have provided their information to the Party

This could be a huge data leak, because it isn't just members, and ex members whose data Labour still holds. It appears to be anyone who has previously given their details to the party.