Locked up: UK's Labour Party data 'rendered inaccessible' on third-party systems after cyber attack

The UK's Labour Party, the official opposition to the country's ruling Conservatives, has suffered a humiliating data breach. Members of the party were sent notice of the issue mid-afternoon UK time, which confirmed a "third party that handles data on our behalf has been subject to a cyber incident." The email, titled " …

  1. Anonymous Coward
    Anonymous Coward

    Not a problem

    Most ordinary labour members supported Corbyn - so losing them is a win.

    Now they only have to recognise "proper members", i.e. those in the shadow cabinet, and everyone is happy.

  2. Lunatic Looking For Asylum

    Let there be smug....

    Cue the Conservative & Unionist party chortling away until next week when it happens to them....

    1. Anonymous Coward
      Anonymous Coward

      Re: Let there be smug....

      Would an attack on the *currently in power* party technically be an attack on the government, therefore the nation... with lots of unintended consequences involving NATO etc... ?

      /anon because my tin foil hat works.

      1. Gamberoni

        Re: Let there be smug....

        Maybe. They'd use one of their mates (sorry corporate donors) to do the work, they'd massively overcharge for it and get the taxpayer to foot the bill.

        1. Yet Another Anonymous coward Silver badge

          Re: Let there be smug....

          No but Priti will use it as an excuse why everyone's computer needs to have a license

          1. JassMan
            Trollface

            Re: Let there be smug....

            Not only that, but she will be back to demanding that all https is banned and that private individuals can't use encryption. That will work really well at stopping cyber attacks. I'm sure she really wants all passwords transmitted in the clear as well, you know to help the security forces keep our country safe.

            1. Snapper

              Re: Let there be smug....

              Unfortunately I think you are dead right. She's almost at Jacqui Smith levels of paranoia now.

              1. Yet Another Anonymous coward Silver badge

                Re: Let there be smug....

                I think it's something they put in the water.

                If you made Gandhi home secretary he would be building gas chambers within the week

      2. MyffyW Silver badge

        Re: Let there be smug....

        An attack on the leader of said party could possibly be taken in that way. But a cyberattack on the Widdecombe-under-Moped* local conservative association's annual jam-making contest, possibly less so.

        [* a fictional village in Geoffrey the tube train and the fat comedian and not a besmirchment of the one-time Minister for Prisons]

      3. katrinab Silver badge

        Re: Let there be smug....

        Would an attack on the NHS, the HSE (Irish equivalent to the NHS), the London Borough of Hackney, or various colleges and school districts be interpreted in such a way?

        1. Peter2 Silver badge

          Re: Let there be smug....

          Nobody would be able to tell the difference between a DDOS on NHS systems and normal operation as the symptoms (lack of service and an inability to communicate) are identical.

      4. Anonymous Coward
        Joke

        Re: Let there be smug....

        > Would an attack on the *currently in power* party technically be an attack on the government,

        No. Anything less than an attack that takes down the expenses claim system is not severe enough to count as an attack on the government.

    2. Fruit and Nutcase Silver badge
      Alert

      Re: Let there be smug....

      No way will that happen to the Conservative party. They have insurance in the form of Dido Harding who one presumes has given them the inside track on how to guard against cyber attacks. Lightning never strikes twice, right?

      On the other hand, she may be a lightning conductor...

      1. John Brown (no body) Silver badge
        Coat

        Re: Let there be smug....

        "On the other hand, she may be a lightning conductor..."

        She is! I heard she's got the Minute Waltz down to 30 seconds.

        1. Fruit and Nutcase Silver badge
          Alert

          Re: Let there be smug....

          Did hackers take the other 30?

      2. Anonymous Coward
        Anonymous Coward

        Re: Let there be smug....

        @Fruit and Nutcase.

        This should make you happy.

        https://www.theguardian.com/society/2021/aug/09/dido-harding-to-step-down-as-chair-of-nhs-improvement

        1. Anonymous Coward
          Anonymous Coward

          Re: Let there be smug....

          Well...every place she leaves does improve so she's had some success...

        2. Fruit and Nutcase Silver badge
          Facepalm

          Re: Let there be smug....

          The fear is where will she turn up next?

          Maybe Boris will clobber Cummings' creation by appointing her to head ARIA

    3. MJI Silver badge

      Re: Let there be smug....

      Mind you a lot joined to vote Corbyn

      1. Fruit and Nutcase Silver badge

        Re: Let there be smug....

        When Screaming Lord Sutch was alive, I wished that I had the money to give the 3 main parties £1 above the point where the donation had to be officially registered - and then give the Monster Raving Loony Party, several times that figure.

  3. Doctor Syntax Silver badge

    PR speak

    Sophisticated.

    Translation: cleverer than us. A low bar.

    1. the hatter

      Re: PR speak

      "Can spell 'password', or at least copy the label above the box into the box". Luckily the more complex 'administrator' was prefilled in the previous box.

      1. Anonymous Coward
        Anonymous Coward

        Re: PR speak

        Had an old manager that insisted on having the admin login details.

        Wasn't worried - he was dyslexic, he couldn't even type "administrator".....

  4. Anonymous Coward
    Anonymous Coward

    Who is this 'third party'?

    Enquiring minds want to know (so we can avoid using them in future)

    1. adam 40 Silver badge
      FAIL

      Re: Who is this 'third party'?

      Dunno but they spend £3M a year on this so not insubstantial (2019 audited accounts). I did just send them a Data Enquiry and got an automated reply from IP Address 52.100.178.214

      OrgName: Microsoft Corporation

      OrgId: MSFT

      Address: One Microsoft Way

      City: Redmond

      StateProv: WA

      so - maybe it's even more embarrassing?

      From https://labour.org.uk/privacy-policy/members/

      The Labour Party has established procedures to ensure that technological and physical controls are in place that guarantee the privacy of data subjects, the security of data held on technological systems and that all data held by the Labour Party is processed according to an established lawful processing condition. Any such procedures will be reviewed as necessary and updated to ensure their effectiveness in line with advances in technology.

      Our website has security measures in place to protect against the loss, misuse or alteration of the information under our control. Our servers are located in a locked, secure environment, with a guard posted 24 hours a day. When you donate online, we use a secure server to protect your credit card number and other personal information during transmission. The details are transmitted using encrypted mechanisms to ensure absolute security.

      LOLS

      1. Anonymous Coward
        Anonymous Coward

        Re: Who is this 'third party'?

        Hmm, if that is the case, that's surprising, and saddening.

        You would think that the people's Labour Party would use a UK company (preferably one organised as a co-operative or social enterprise, and there are not a few ISPs and web development companies set up that way) rather than shovel money into the claws of a foreign behemoth...

        Do what I say not what I do, much?

        1. HashimFromSheffield

          Re: Who is this 'third party'?

          Where have you been living? That social democratic version of the Labour Party died when Blair was elected. It might have had a chance to be resurrected if Corbyn had been elected, but for some reason The S*n (censored because I'm from Sheffield and that name is almost as offensive as it is in Liverpool) papers were trying to convince us that would have been catastrophic for the nation. Still, I am glad things as they're going are so much less catastrophic.

      2. doublelayer Silver badge

        Re: Who is this 'third party'?

        That's probably Office365 running that part of their email system, not the part that got attacked. It sounds like the database was on a separate system which is the only part known to have been taken down.

        1. adam 40 Silver badge
          IT Angle

          Re: Who is this 'third party'?

          Possibly, or it could be that the rest of it is in Micro$haft's cloud, and the implications of hacking into that are.....

          1. adam 40 Silver badge
            Stop

            Re: Who is this 'third party'?

            OK downvoters, it's Experian.

      3. John Brown (no body) Silver badge

        Re: Who is this 'third party'?

        "Our servers are located in a locked, secure environment, with a guard posted 24 hours a day."

        That could be pretty much any commercial data centre. They all have 24/7 access and someone on the gate/door. And yet Labour are implying their servers are in a special place with a special guard just for their servers.

        1. Alister

          Re: Who is this 'third party'?

          Probably Canary Wharf

        2. I ain't Spartacus Gold badge

          Re: Who is this 'third party'?

          Is there a sign on the door saying, "beware of the leopard"?

          If not, it ain't proper security!

          1. WolfFan Silver badge

            Re: Who is this 'third party'?

            Security has been outsourced. The leopard lost his job, and has been replaced by a spotted hyena. A female spotted hyena. A grumpy female spotted hyena. Look up ‘female spotted hyena anatomy’ and you’ll see why they’re grumpy.

    2. Jamesmates

      Re: Who is this 'third party'?

      Experian used to run their big brother style UK population database, based on the 3m spend I think it's probably still them.

    3. Jamesmates

      Re: Who is this 'third party'?

      Probably still Experian. Remember the Emma's Diary "shock" that they were selling parent details to labour via their Experian big brother database.

      Labour are heavily invested in them and have been for years.

  5. Anonymous Coward
    Anonymous Coward

    If there's a ransom request they must not pay!

    Nothing of any value whatsoever can possibly be contained within the archive.

    1. Anonymous Coward
      Anonymous Coward

      Re: If there's a ransom request they must not pay!

      I agree.

      I joined the Labour party specifically to have a vote in the leadership elections and to vote for Corbyn. As a fat-cat rich Tory, I would hate for people to know my true identity etc.

      Anon (until El Reg get attacked).

      1. the hatter

        Re: If there's a ransom request they must not pay!

        You registered under your true identity ? I just picked 40 names from the university's latest intake - only 15 of them were already registered so that left plenty more for my use.

    2. elsergiovolador Silver badge

      Re: If there's a ransom request they must not pay!

      Those interpretations of Karl Marx masterpieces lost forever! Such a brobdingnagian tragedy and gargantuan loss to the humanity...

  6. Dave559 Silver badge

    "Cyber"

    They need to put a pound in the swear jar for coming out with that clichéd and long past its use-by date term…

    Can we pass a law that anyone using that word should have a crate of floppy disks poured on their head? Please?

    ("Cyber" doesn't even really mean what they think it means, it's clearly (not) all Greek to far too many people «grumbles»)

    1. IGotOut Silver badge

      Re: "Cyber"

      We need to keep the word.

      It's a way of distinguishing PR mouthpieces from the ones that know what they are on about.

      1. adam 40 Silver badge

        Re: "Cyber" Men

        "It's a way of distinguishing PR mouthpieces from the ones that know what they are on about."

        I propose that they are henceforth dubbed "Cyber Men"

    2. Cav Bronze badge

      Re: "Cyber"

      Why is it inappropriate? Cyber - from the Greek "kybernḗtēs" meaning helmsman - i.e. the one who controls. Computers control the internet, deciding which data goes where and how it is displayed. They control spacecraft - Spacex Crew Dragon is completely automatic. They'll soon be controlling vehicles. They literally are "helmsmen".

      Cyberspace, while based on physical devices, is a dimension composed of data, rather than the tangible, again controlled and maintained by computers. An attack which takes place in that dimension can logically, rightly be called a cyber attack.

      1. TheProf
        Terminator

        Re: "Cyber"

        You Sir, are a steely-eyed Cyberman!

      2. Dave559 Silver badge

        Re: "Cyber"

        Yes, as you rightly say, the proper meaning of cybernetics is to do with systems and control, but "cyber" is all too often used in lazy phrases such as "cyberspace", "cyber attack", etc, when those who come out with such phrases really just mean "on the interwebz tubes". They are just grating phrases which try to make things sound more grandiose than they are, and which really should belong in the bin along with "surfing the information superhighway" and the like…

    3. Naselus

      Re: "Cyber"

      But who else will we tell the difference between infosec workers and retrained ballerinas?

  7. Anonymous Coward
    Anonymous Coward

    My partner used to be a member

    She stopped paying when Corbyn made such a mealy mouthed hash of opposition to Brexit. She was sent an email from the Labour party this afternoon notifying of the breach. Seems like it's time to report them to the ICO for retaining the personal information of non-members for an excessive period of time.

    1. Anonymous South African Coward Bronze badge

      Re: My partner used to be a member

      Do let us, or rather, The Register know what happens in this regard.

    2. Snapper

      Re: My partner used to be a member

      Let's face it, despite the frothing from ardent lefties, Corbyn made a mealy-mouthed hash of everything he touched, including downgrading the Opposition to a shallow unelectable husk which continues to this day.

      1. Anonymous Coward
        Anonymous Coward

        Re: My partner used to be a member

        Corbyn made a mealy-mouthed hash of everything he touched

        How about the 2017 general election? Sure, he lost, but reducing the conservatives to a minority government propped up by the political wing of the UVF was an achievement of sorts.

      2. HashimFromSheffield

        Re: My partner used to be a member

        Nothing to do with him consistently and dogmatically being painted as unelectable over 5 years by almost every mainstream paper in the country then, all of whom unsurprisingly oppose higher tax rates for corporations? You should look at the several LSE studies on media coverage of Corbyn and just how bent it was. And what exactly do you think his influence over the current Labour party, that all but ousted him and has since been "led" by Starmer, is?

      3. Anonymous Coward
        Anonymous Coward

        Re: My partner used to be a member

        To be fair, while I think Corbyn was useless, I think he did about the best anybody could have done with the situation he inherited.

        The underlying problem is that Labour had been trying to appeal to two opposing groups of people to create their voting block, the working class, and the middle class. New Labour managed to make this combination an unstoppable behemoth by appealing to both the working and middle classes by being vague and often self contradictory.

        The working classes were purged from Labour's management and the middle class takeover of labour led to them taking a policy on Brexit popular with the middle classes (ie; reverse the "wrong" answer given in the referendum without another vote because they knew they wouldn't win it) despite the obvious issue that the working class voters would obviously not be happy with this. In a further genius move this was combined with sneering at the working class voters that there was nothing they could do about it, and if they didn't like it they should "fuck off and vote for the Tories"; this concept of course being unthinkable for a proper left thinking Guardian reader.

        Predictably to anybody with at least two brain cells at the next election all of the people who had been told to "fuck off and vote for the Tories" either did so or just stayed at home, and Labour ceased to exist as a serious electoral force, collapsing to the lowest result ever recorded since the party's formation. To appease and encourage these voters back following Corbyn's departure in a move of complete genius they then put the architect of that plan in charge of the party, ensuring that the "lowest result ever recorded" is likely to be the new high water mark for Labour.

    3. DevOpsTimothyC

      Re: My partner used to be a member

      retaining the personal information of non-members for an excessive period of time

      I imagine there was a cost involved with membership, in which case HMRC will demand ~7 years of records. Putting that to the side, did your partner send a GDPR notice to inform Labour that they were withdrawing their consent and would like all their data to be removed?

      If they didn't do that I'm sure Labour could simply say "As demonstrated by the fact this person paid for membership they were interested in politics as such we are keeping them informed. Failure to continue paying just indicates they no longer wish to participate in party elections" as a reason for retaining the data.

    4. Anonymous Coward
      Anonymous Coward

      Re: My partner used to be a member

      > Seems like it's time to report them to the ICO for retaining the personal information of non-members for an excessive period of time.

      I highly doubt the ICO will do anything with such a complaint!

      I was affected by a data leak/breach of a large worldwide "social network"-related company (not Facebook BTW) last year. I had actually stopped using the company's services approx 8 years prior to then but, as was often the case with such "social" companies back then they provided *no* means to delete accounts, only to deactivate them so at the time I manually deleted what personal data I could from the account and deactivated it and eventually after a few years forgot the account had even ever existed.....until I received the data breach notification email from the company last year.

      So I submitted a SAR (as well as a complaint) to see what data the company still had - this included several items of "special category" personal data. I then opened a case with ICO and, after about 6 months, ICO decided to take no action at all and closed the case. ICO basically said "well you never asked them to delete your data".

      In fact in my ICO complaint I had pointed out that (a) the company had a policy of *never* deleting accounts when I last used their service (in approx 2012), (b) since GDPR came into force the company had introduced a means to delete existing active accounts (though intentionally making it awkward) but that they continued to retain data from already deactivated accounts (effectively indefinitely), and (c) whilst their Privacy Notice did mention data retention in general it made *no* mention of retention for deactivated accounts, indeed it made no mention of deactivated accounts at all.

      ICO just didn't care...they're a chocolate fireguard

    5. charlie-charlie-tango-alpha

      Re: My partner used to be a member

      And so did I until I became completely and utterly cheesed off with Corbyn.

      I had to laugh though when I received my copy of the email telling me of the "cyber" attack and warning me that some unspecified "information provided to the Party by its members, registered and affiliated supporters, and other individuals who have provided their information to the Party" had been compromised because when I first tried to resign I received a wonderful email from the party saying:

      "I am very sorry that you are thinking about resigning your membership.

      Unfortunately based on the information from your email we are unable to find you on our records."

      So they can't have lost much about me.

  8. Anonymous South African Coward Bronze badge
    Facepalm

    The party has been targeted before.

    And clearly did not learn their lesson the first time round....

  9. krivine
    Trollface

    Not some footballer then?

    "The UK's Labour Party, the official opposition to the country's ruling Conservatives..."

    Can someone let Sir Kieth know?

    1. Snapper

      Re: Not some footballer then?

      Ummmmmm....do you mean Sir Keir (his wurkin' class credentials yer know).

  10. VulcanV5
    Happy

    Total inability to support underdogs in politics . . .

    Absolutely brill-i-ant!!!

  11. Anonymous Coward
    Anonymous Coward

    Sounds Like a "Single point of failure"

    So where is the "backup"?

    C = Confidentiality ****I think not now

    I = Integrity or Incompetence

    A = Availability *** Backup lost in translation as we opted for cheaper option

  12. The Mole

    I was expecting Total Inability to Support Unions' Party

    1. Santa from Exeter

      Acronyms

      Or possibly, Totally Inebriated Student Union Party as a description of Labour?

  13. Anonymous Coward
    Anonymous Coward

    Further proof

    that all politicians know fuck all about how the internet works, let alone security. No doubt the "third party" concerned was the cheapest.

    I also note that, after reading the article twice, they don't seem to know what info has been compromised. How reassuring to the people affected.

  14. DCdave
    Joke

    I trust the affected were notified in the proper fashion

    All user emails in the To: field, with an Excel of the compromised data attached.

  15. Anonymous Coward
    Anonymous Coward

    Another one for the gallery

    We have a running gag at work. Every time when our frontline defenses against email nasties see a blip above the normal noise, we try to guess the time till the next so called "cyber attack".

    Last uptake with multiple instances of the same virus not found by connection and weak inspection defense (aka we have to scan this thing and not simply check the hash): Night from Monday to Tuesday. 56 hours from our internal report till news at The Register or other news is more than my guess of 39 hours. I assumed another east German district.

    I think the cow-orker betting on a political party or known charity has won.

    And they call these things "cyber attacks".

    Cynical, experienced what's the difference?

  16. Christopher Blackmore

    Interesting. They still have my email, though I left yonks ago. Not happy about that.
