A sophisticated cyber attack launched on an IT firm serving UK’s Labour Party has reportedly leaked sensitive details related to members and supporters. Labor Party was informed about the incident on October 29th,2021 after which it review the situation and informed the media, National Crime Agency(NCA), National Cyber Security Centre(NCSC), and Information Commissioner’s Office (ICO).
NCA has been asked by the parliament to launch a detailed investigation and has revealed after its preliminary inquiry that the Labour Party’s own IT infrastructure remained unaffected by the digital attack.
The name of the IT firm that was quenching the IT needs of the predecessor of the Labour Representation Committee has been withheld.
However, it’s official that an IT firm named Blackbaud a supplier of IT services to Labour Party Members was hacked by cyber criminals in August 2020 and details such as names, email addresses, contact numbers and annual donations made to the party were accessed by hackers through the attack.
Interestingly, the attack was later tagged to be a ransomware attack where the criminals who hacked the database were paid by Blackbaud, a handsome sum to gain back the data from encryption.
In the same way, if the recent incident leads to data theft, then it could trigger concerns of identity theft to the supporters and members as any data like email id and contact number can be used by hackers to create a profile of an individual within no time.
Still, the party that carries a red flag has to confirm whether its IT service provider has become a victim of a file encrypting malware attack where criminals first steal data and then encrypt a database until a ransom is paid.
