Labour Party unable to access data after suspected cyber attack on managed service provider
The incident is being investigated by both the National Crime Agency and the Information Commissioner's Office


The UK's Labour Party has confirmed that a cyber attack has left it unable to access large amounts of its data.
The Party first became aware of the incident on 29 October 2021 after being told by a third party, which handles data on Labour's behalf, that it was subject to an unspecified "cyber incident".
Labour said as soon as it became aware of the situation, it engaged outside experts and immediately reported it to the relevant authorities, including the National Crime Agency (NCA), National Cyber Security Centre (NCSC), and the Information Commissioner's Office (ICO) - all of which are currently investigating the incident.
Data currently inaccessible includes member information, registered and affiliated supporters, and other individuals who have provided information to the party, Labour said in a statement posted online and sent directly to members.
While the official wording used by all the authorities and known parties involved broadly categorises it as a "cyber incident", the information shared, combined with testimony from sources speaking to wider media, suggests that one of Labour's managed service providers (MSP) may have been hit by ransomware.
Labour said it is still currently trying to understand the full nature of the attack and its scope, but assured the Party's own data systems remain unaffected.
RELATED RESOURCE
The best defence against ransomware
How ransomware is evolving and how to defend against it
"We are aware of this issue and are working with the Labour Party to fully investigate and mitigate any potential impact," said the NCSC.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
A spokesperson for the NCA said: "The NCA is leading the criminal investigation into a cyber incident impacting on the Labour Party. We are working closely with partners to mitigate any potential risk and assess the nature of this incident."
Much of the information around the cyber attack, such as who or what group is behind the attack, or whether a ransom has been demanded, have not been confirmed. The affected MSP has also not been identified yet.
"The Party takes the security of all personal information for which it is responsible very seriously," said Labour. "It is doing everything within its power to investigate and address this incident in close liaison with law enforcement, the Information Commissioner’s Office and the affected third party."
Labour also encouraged members to be vigilant against suspicious activity such as receiving unusual emails, phone calls, and texts.
The Labour Party was one of a number of organisations caught up in the infamous hack on database service provider Blackbaud, which also hit a range of UK universities and Bletchley Park donors.

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.
-
Hackers breached a 158 year old company by guessing an employee password – experts say it’s a ‘pertinent reminder’ of the devastating impact of cyber crime
News A Panorama documentary exposed hackers' techniques and talked to the teams trying to tackle them
-
The ransomware boom shows no signs of letting up – and these groups are causing the most chaos
News Thousands of ransomware cases have already been posted on the dark web this year
-
Everything we know about the Ingram Micro cyber attack so far
News A cyber attack on Ingram Micro severely disrupted operations and has been claimed by the SafePay ransomware group.
-
A prolific ransomware group says it’s shutting down and giving out free decryption keys to victims – but cyber experts warn it's not exactly a 'gesture of goodwill'
News The Hunters International ransomware group is rebranding and switching tactics
-
Swiss government data published following supply chain attack – here’s what we know about the culprits
News Radix, a non-profit organization in the health promotion sector, supplies a number of federal offices, whose data has apparently been accessed.
-
Ransomware victims are getting better at haggling with hackers
News While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker group
News An analysis of May's SQL database dump shows how much LockBit was really making
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabs
News An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs