Please or to access all these features

Add post

Watch this thread

Save thread

Start a new thread

Flip thread

Hide thread

My feed

Active Unanswered threads

Getting started FAQ's

Unanswered threads Acronyms Talk guidelines

Hide shortcut buttons

Talk

Feminism: Sex and gender discussions

Feminism: chat

Flip

1 2 3 4

Original poster

Labour Party Data Incident

77 replies

Tesla73 · 04/11/2021 09:55

Anyone else alarmed by this especially when we know what Labour are like in terms of wrong think etc (remember Lily Madigans gleeful tweet about having access to everyones lovely data)

"We are writing to you to let you know that a third party that handles data on our behalf has been subject to a cyber incident. While the Party’s investigation remains ongoing, we wanted to make you aware of this incident and the measures which we have taken in response. We have also provided details of precautionary steps you may consider taking to help protect yourself.

What happened?

On 29 October 2021, we were informed of the cyber incident by the third party. The third party told us that the incident had resulted in a significant quantity of Party data being rendered inaccessible on their systems. As soon as the Party was notified of these matters, we engaged third-party experts and the incident was immediately reported to the relevant authorities, including the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO). The Party continues to work closely with each of these authorities. The Party is also working closely and on an urgent basis with the third party in order to understand the full nature, circumstances and impact of the incident. The Party’s own data systems were unaffected by this incident.

What information was involved?

We understand that the data includes information provided to the Party by its members, registered and affiliated supporters, and other individuals who have provided their information to the Party. The full scope and impact of the incident is being urgently investigated.

What are the Labour Party doing?

The Party takes the security of all personal information for which it is responsible very seriously. It is doing everything within its power to investigate and address this incident in close liaison with law enforcement, the Information Commissioner’s Office and the affected third party.

What you can do

With incidents of this nature becoming increasingly common, it is more important than ever to remain vigilant against suspicious activity. As an immediate precaution, and in line with National Cyber Security Centre guidance, we recommend you take the following steps to protect yourself:

Be especially vigilant against suspicious activity, including suspicious emails, phone calls or text messages. The National Cyber Security Centre has published advice regarding suspicious emails on its website: ncsc.gov.uk/guidance/suspicious-email-actions
If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS) via [email protected].
You can also implement two-factor authentication (2FA) where possible to protect your online accounts from unauthorised access as described in the following publication on the National Cyber Security Centre’s website: www.ncsc.gov.uk/guidance/setting-two-factor-authentication-2fa
Additional guidance about what to watch out for online can be found here: www.ncsc.gov.uk/guidance/data-breaches"

The worrying thing for me is that i left the Labour Party years ago because of their betrayal of women yet this suggests to me that my details are still on their system.

I was still getting the meeting minutes from my local party and I emailed the leader of the local party asking why they still had my details but he didnt even acknowledge my email. The emails did stop though and I gave it no more thought but now I get this email to both my personal email and my work one.

OP posts:

Original poster

Tesla73 · 04/11/2021 11:17

Very worrying in the current climate of cancel culture and with Stonewall et al now in freefall I am nervous that this all part of a scorched earth plan to do as much damage as possible before the bottom of this gender politics nightmare falls out completely.

may be I'm being paranoid but my correspondence with both Labour & Momentum around me leaving was very clear in my reasons being their betrayal of women, their pushing of self ID etc and now I know that they still have my personal and company email address (the company I work for is Stonewall aligned)

OP posts:

bordermidgebite · 04/11/2021 12:25

Why did they not delete my data, as I would normally request , when I left the party? !

Whatthechicken · 04/11/2021 13:00

I have emailed them with a clearly marked title - GDPR request.

These are my questions:

I have provided the Labour Party with many pieces of identifying information over the years: Name; address; banking details; passwords. Can you tell me which pieces of private and confidential information in relation to myself has been put at risk?
I would like to know the name of the third party who deals with this information that has had a security breach. Did I explicitly give the Labour Party permission to pass over my identifying, personal information?
If I did, can I see the evidence and date of when that permission was sought and when it was granted?
As previously mentioned, I left the Labour party some months ago. Who made the decision to retain my data on file after I had left the party? Which criterion was used when making the decision to keep my data on file? How long was my data to be kept on file after the date I left the party?
I would like to request a timely copy of all of the data you hold on me please.

Original poster

Tesla73 · 04/11/2021 13:04

Whatthechicken - good points. Wonder how long they will take to reply

OP posts:

Whatthechicken · 04/11/2021 13:14

They probably won’t bother, but I’m pissed off now. My data is in a million places, for all sorts of reasons - usually freely given, and having dealt with a little GDPR in a previous role, I’d normally have sympathy with any breaches of security. But the Labour Party has no regard for me, so I will take it further.

GoodieMoomin · 04/11/2021 13:17

Oh bloody hell! I've got the email too. I left 2 or 3 years ago so would not expect them to still have my data. Will complain via the webform.

I think it might be worth asking the local branch to delete personal details, too

Original poster

Tesla73 · 04/11/2021 13:30

www.computerweekly.com/news/252508998/UKs-Labour-Party-hit-by-third-party-data-breach

so they knew this last friday and i get an email almost a week later!

and this bits a joke "“The party takes the security of all personal information for which it is responsible very seriously. It is doing everything within its power to investigate and address this incident in close liaison with law enforcement, the Information Commissioner’s Office and the affected third party,” the Labour Party said in its statement." If they take it so seriously why has data of people that they should no longer have been affected?

OP posts:

ihavespoken · 04/11/2021 14:33

@Tesla73

www.computerweekly.com/news/252508998/UKs-Labour-Party-hit-by-third-party-data-breach

so they knew this last friday and i get an email almost a week later!

I've quoted that bit in my complaint!

JustWaking · 04/11/2021 15:02

The email and report say that the data 'has been rendered inaccessible'. This sounds like a ransomware attack - ie hackers have encrypted the data and won't hand over the key until given some cash - rather than them getting access to read the data. So at least your details are safe (so far)

Love the GDPR questions. Would be worth also invoking your Right to be forgotten. If you're no longer a member of the party, I can't see any reason for them to need to keep the data. They have 1 month to put all your data 'beyond use' which means it has to be either deleted or changed so that it can't be linked to you. The penalties are really high, so they should take it seriously!

JustWaking · 04/11/2021 15:08

You just need to contact them and say that you'd like to invoke your right to be forgotten. They're not allowed to charge you, unless they think you're doing it to harass them (so don't say that you hate them, say that it's 'in light of the recent data breach' )

If you don't invoke your right, then they'll apply their standard data retention period, which will probably be 7 years from when you left the party.

Finance transactions (membership fees?) will be kept, but emails etc should be deleted/put out of use.

Fariha31 · 04/11/2021 15:12

I campaigned for LP last election. Was told to leave the lists outside someones house as they were out so could not take collection of the data

Original poster

Tesla73 · 04/11/2021 15:23

Have just emailed WM Labour invoking my right to be forgotten so will post whatever reply I get.

Although going by past experience I doubt I will get a reply.

OP posts:

BoreOfWhabylon · 04/11/2021 15:32

@Battendownthesnacks

I received this email, also having left the LP some time ago. I wondered the same re them still holding my data.

Btw I also had to specifically ask to be removed from the mailing list of my local branch after I'd left so I wonder how common this is. Presumably this is down to lack of communication between the central party database and Colin (or whoever) who's in charge of sending emails about barbecues for local members. It suggests a somewhat amateurish approach to data handling!

Same for me, including continuing emails from local branch.

I've replied to the email asking why I am still on any lists and requesting that all my data is removed forthwith.

HoardingSamphireSaurus · 04/11/2021 15:35

@Battendownthesnacks

Yes- I think I left around 5 years ago.

(Btw the OP has got me wondering - whatever did happen to LM? That individual seems to have vanished! Were they quietly dropped?)

Yes. I received it too, having left about 6 years ago.

So I too have written asking to know what data they hold on me and, once it has been provided, exercise my right to be forgotten.

I have also asked for the relevent section of their data protection / privacy policy, as per GDPR.

PastMyBestBeforeDate · 04/11/2021 16:24

The link now requests that you don't fill out the complaint form but email [email protected] instead.

SolasAnla · 04/11/2021 17:42

@JustWaking

Not so safe.

The Irish health service was attacked but that was only after the data was copied.
The hackers published medical data on the web as proof of the hack.

JustWaking · 04/11/2021 19:08

It's true, they could have copied the data first.
But the email only mentions making the data inaccessible, and the LP would have to tell you if they knew it had been copied. And you'd hope that they would detect large amounts of data coming out. But we don't even know who the 3rd party is, so who knows...

SolasAnla · 04/11/2021 19:28

@JustWaking

It's true, they could have copied the data first. But the email only mentions making the data inaccessible, and the LP would have to tell you if they knew it had been copied. And you'd hope that they would detect large amounts of data coming out. But we don't even know who the 3rd party is, so who knows...

JustWaking I think the Irish System could not tell what else was taken as they could not access large blocks of the data.

I suppose it depends on how good the humans are who designed the system are. Can I access the data maintenance area rename the backup system and move the storage location back in and undo post back up will IT systems spot an internal change...

FridasSpectacularEyebrows · 04/11/2021 21:09

I got this too. Left a while ago, emailed a much more poorly-worded version of @Whatthechickens questions to privacy@labour
No response as yet

dotoallasyouwouldbedoneby · 05/11/2021 13:13

I got the email despite leaving years ago and telling them why (Corbyn) too.

Gingernaut · 07/11/2021 01:30

skwawkbox.org/2021/11/06/labour-and-starmer-evans-face-17-5-million-fines-for-data-breach/

skwawkbox.org/2021/11/06/exclusive-labour-nec-members-not-informed-which-company-has-breached-data-despite-potential-liability/?utm_source=rss&utm_medium=rss&utm_campaign=exclusive-labour-nec-members-not-informed-which-company-has-breached-data-despite-potential-liability

skwawkbox.org/2021/11/04/evans-telling-victims-of-labours-outsourced-data-breach-not-to-discuss-it/

mobile.twitter.com/KirkChris/status/1457114347608711171

mobile.twitter.com/theMattachines/status/1456984898045161474

mobile.twitter.com/MyArrse/status/1457107500126412801

Rumours are flying around that the 'third party' data controller holding the out of date information, was linked to David Evans, the General Secretary of the Labour Party and his wife.

Whatthechicken · 07/11/2021 05:03

I think it’s the ‘third party’ thing that’s going to cause them trouble. Any ‘third parties’ that data is passed onto should be explicitly named when permission is sought.

Whatthechicken · 07/11/2021 05:08

And the reluctance to name that ‘third party’ is just plain suspicious.

PronounssheRa · 07/11/2021 08:22

Ah, that explains why David Evans was telling people not to talk about it

TrevorFountain · 07/11/2021 08:34

I got an automated reply to my complaint - did anyone else get the one with the SPAG error in it?! (Annoying unnecessary apostrophe.) Followed by the Very Serious Statement about data protection?

Flip

1 2 3 4