Following the news that the Labour Party has been forced to lock down access to its membership databases over rumours of a data breach, IT security experts commented below.
Jake Moore, Cyber Security Expert at ESET:
“Political parties will always be on a hacker’s radar so their security teams should never take their foot off the gas. Cyber criminals are usually motivated by either financial gain, political reasons, or the desire to cause damage. As this concerns the Labour party, all three likely play a role. Being immediately transparent and upfront with any sort of breach is the best course of action to take. Understanding this guaranteed risk will put any company in a better position when cyber-attacks inevitably happen.”
Joseph Carson, Chief Security Scientist at Thycotic:
“Data Protection and Privacy are going to continue to be two of the most important topics and themes for years, this is a great example of how governments are not adhering to their own laws. The UK’s Data Protection Act 2018 ironically, which is a copy of the EU General Data Protection Regulation, is in full affect here and it demonstrates the importance of consent relating to personal identifiable information. When roles change, such as the situation in which members of the UK Labour party leave, they immediately should no longer have access to the sensitive data of citizens without proper consent. This means that the UK Labour party failed to control access and apply the principle of Least Privilege in this incident which leaves them jointly liable for this data breach. It is clear that while a high priority, when it relates to controlling access to both privileged accounts and privileged data, most are still failing to implement and put important access controls in place.”
Anjola Adeniyi, Technical Account Manager at Securonix:
“GDPR expects data controllers, in this case the Labour Party, to ensure the security of the personal data they hold and this includes technical means.
Identity and Access Management processes and technologies can come to aid here, especially as the biggest security threats are often on the inside of organisations.
Likewise, the breakaway MPs suspected to be involved in this incident could be committing an unlawful act.”