Personal information from Labour Party members and supporters is among a “significant quantity” of data affected by a “cyber incident”.
The incident involved an IT firm which handles data on Labour’s behalf, and the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO) have been informed.
The NCA said it is leading a criminal investigation into what happened.
The full scale of the incident is being investigated but Labour’s own data systems were unaffected.
A Labour spokesman said the party was informed of the incident on October 29 by the IT firm, which it has not named.
“The third party told us that the incident had resulted in a significant quantity of party data being rendered inaccessible on their systems,” the spokesman said.
“As soon as the party was notified of these matters, we engaged third-party experts and the incident was immediately reported to the relevant authorities.”
Labour is “working closely and on an urgent basis” with the IT firm in order to understand the full nature, circumstances and impact of the incident.
“We understand that the data includes information provided to the party by its members, registered and affiliated supporters, and other individuals who have provided their information to the party,” the Labour spokesman said.
The party urged members and supporters who may have been affected to take extra precautions online, in line with NCSC guidance.
An NCA spokesman said: “The NCA is leading the criminal investigation into a cyber incident impacting on the Labour Party.
“We are working closely with partners to mitigate any potential risk and assess the nature of this incident.”
An NCSC spokesman said: “We are aware of this issue and are working with the Labour Party to fully investigate and mitigate any potential impact.
“We would urge anyone who thinks they may have been the victim of a data breach to be especially vigilant against suspicious emails, phone calls or text messages and to follow the steps set out in our data breaches guidance.
“The NCSC is committed to helping organisations manage their cyber security and publishes advice and guidance on the NCSC website.”
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here