Supply Chain Attack On Labour Party Shows Bad Actors Have A New Favourite Tactic

By   ISBuzz Team
Writer , Information Security Buzz | Nov 04, 2021 01:03 pm PST


The Labour Party has suffered a major data breach, with members being emailed this afternoon to warn them information being stored by a third party may have been compromised.

Notify of
5 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Jake Moore
Jake Moore , Global Cyber Security Advisor
November 4, 2021 9:11 pm

<p>It is quite normal for the NCSC to get involved in large scale attacks particularly when the loss of data is potentially very damaging. Even though financially motivated, the key pivot point to receive the money will be via dangling any sensitive data on the dark web and among interested parties. This will likely increase the chances of the demands being paid.  </p>
<p>As more and more ransomware attacks now anchor on the data leaking, this could be a challenging time for those in control of the Labour party. The victims caught up in the compromise must now place more attention to any follow up suspicious emails and phone calls should their details have already been leaked to the next level of malicious actors.</p>

Last edited 2 years ago by Jake Moore
Kingsley Hayes
Kingsley Hayes , Head of Data Breach
November 4, 2021 9:10 pm

<p>We do know that the privacy violation only affects a third party’s systems and that the Labour Party’s own data and systems are unaffected. However, this is likely to be of little comfort to anyone whose personal data has been compromised. The fact that people have been put in this position in the first place is a serious failure.</p>
<p>We would warn people to be suspicious of any emails purporting to come from the Labour Party about this incident. Criminals often use the fear and distress caused by a breach to encourage people to click on phishing links and steal valuable personal information.</p>

Last edited 2 years ago by Kingsley Hayes
Joseph Carson
Joseph Carson , Chief Security Scientist & Advisory CISO
November 4, 2021 9:08 pm

<p>This latest data breach disclosed by Labour highlights the importance on third party and supply chain security controls, you must ensure that third parties meet your security requirements and don’t just assume.  Even though this was blamed on a third party, Labour is still responsible and accountable. </p>
<p>Labour has recommended to use Multi-Factor Authentication where possible thought it’s also advisable to do even more and get a password manager that makes all your passwords unique and complex.</p>

Last edited 2 years ago by Joseph Carson
Mike Campfield
Mike Campfield , Head of EMEA Operations
November 4, 2021 9:07 pm

<p>The Labour party’s supply chain attack has left the party warning members’ their data, stored by a third party supplier, may have been breached. This tactic is quickly becoming a firm favourite among bad actors, with this being the third critical supply chain attack on record this year. </p>
<p>Organisations are more and more reliant on external entities for services, but if third party suppliers have little to no ability to defend against these attacks, organisations have no chance of protecting themselves. Knowing your suppliers to assess and understand blind spots is vital to fighting against these looming threats. If just one supplier’s security processes trails behind the rest, it quickly becomes the weakest link and therefore most attractive entry point for bad actors. </p>
<p>Zero trust frameworks, which assume you can’t trust anyone, are being adopted to fight supply chain attacks. However, this isn’t enough to keep bad actors out. Businesses need visibility to understand how to identify if anything is lurking on their IT network. When organisations have complex supply chains, they need visibility across all customers to protect against any threats. It’s a must to be able to see activity, including any files going into or leaving their IT environment, even in an encryption event, that can be identified to know the extent of potential damage.</p>

Last edited 2 years ago by Mike Campfield
John Smith
John Smith , EMEA CTO
November 4, 2021 9:05 pm

<p>Whilst we are yet to know the specifics of this data breach, the incident is concerning as it highlights a failure to prioritise security. Data breaches can be severely damaging and this could risk the Labour party\’s crucial member loyalty. As the victim of a second data breach by a third party in less than two years, it is an important reminder that all organisations must consider the exponential expansion of risk and adapt their approach. Leaders should ensure their teams and suppliers embrace a ‘secure by design’ mindset. We need to move away from the siloed approach and have a better understanding of systemic risk – understanding the mission of the organisation as a whole and its reliance on the broader ecosystem of technology providers.</p>

Last edited 2 years ago by John Smith

Recent Posts

Would love your thoughts, please comment.x