Supply Chain Attack On Labour Party Shows Bad Actors Have A New Favourite Tactic

BACKGROUND:

The Labour Party has suffered a major data breach, with members being emailed this afternoon to warn them that information stored by a third party may have been compromised.

Expert Comments

November 04, 2021
Kingsley Hayes
Head of Data Breach
Keller Lenkner UK

We do know that the privacy violation only affects a third party’s systems and that the Labour Party’s own data and systems are unaffected. However, this is likely to be of little comfort to anyone whose personal data has been compromised. The fact that people have been put in this position in the first place is a serious failure.

We would warn people to be suspicious of any emails purporting to come from the Labour Party about this incident. Criminals often use the fear and distress caused by a breach to encourage people to click on phishing links and steal valuable personal information.

November 04, 2021
Mike Campfield
Head of EMEA Operations
ExtraHop

The Labour party’s supply chain attack has left the party warning members their data, stored by a third party supplier, may have been breached. This tactic is quickly becoming a firm favourite among bad actors, with this being the third critical supply chain attack on record this year.

Organisations are more and more reliant on external entities for services, but if third party suppliers have little to no ability to defend against these attacks, organisations have no chance of protecting themselves. Knowing your suppliers to assess and understand blind spots is vital to fighting against these looming threats. If just one supplier’s security processes trail behind the rest, it quickly becomes the weakest link and therefore most attractive entry point for bad actors.

Zero trust frameworks, which assume you can’t trust anyone, are being adopted to fight supply chain attacks. However, this isn’t enough to keep bad actors out. Businesses need visibility to understand how to identify if anything is lurking on their IT network. When organisations have complex supply chains, they need visibility across all customers to protect against any threats. It’s a must to be able to see activity, including any files going into or leaving their IT environment, even in an encryption event, that can be identified to know the extent of potential damage.

November 04, 2021
Jake Moore
Cybersecurity Specialist
ESET

It is quite normal for the NCSC to get involved in large scale attacks particularly when the loss of data is potentially very damaging. Even though financially motivated, the key pivot point to receive the money will be via dangling any sensitive data on the dark web and among interested parties. This will likely increase the chances of the demands being paid.  

As more and more ransomware attacks now anchor on the data leaking, this could be a challenging time for those in control of the Labour party. The victims caught up in the compromise must now place more attention to any follow up suspicious emails and phone calls should their details have already been leaked to the next level of malicious actors.

November 04, 2021
Joseph Carson
Chief Security Scientist & Advisory CISO
Thycotic

This latest data breach disclosed by Labour highlights the importance of third party and supply chain security controls; you must ensure that third parties meet your security requirements and don’t just assume. Even though this was blamed on a third party, Labour is still responsible and accountable.

Labour has recommended to use Multi-Factor Authentication where possible, though it’s also advisable to do even more and get a password manager that makes all your passwords unique and complex.

November 04, 2021
John Smith
EMEA CTO
Veracode

Whilst we are yet to know the specifics of this data breach, the incident is concerning as it highlights a failure to prioritise security. Data breaches can be severely damaging and this could risk the Labour party's crucial member loyalty. As the victim of a second data breach by a third party in less than two years, it is an important reminder that all organisations must consider the exponential expansion of risk and adapt their approach. Leaders should ensure their teams and suppliers embrace a ‘secure by design’ mindset. We need to move away from the siloed approach and have a better understanding of systemic risk – understanding the mission of the organisation as a whole and its reliance on the broader ecosystem of technology providers.

