Labour party has data compromised following Blackbaud hack

Labour Party
Credit: PA

The Labour party's data has been compromised and confidential information about thousands of donors has been accessed by cyber criminals, ITV News has learned.  The party is among growing number of organisations to have their data breached following a cyber-attack on cloud computing provider Blackbaud.  It is believed that information pertaining information about donors over a period of several years has been compromised.  ITV News understands that the party was informed about the breach on the July 16 and will be sending correspondence to all those impacted by the attack later this week.  The Labour party had been using the fundraising and donor management software Raiser’s Edge created by Blackbaud and a job advertisement as recent as this month that was posted on the party’s website included the requirement of a “good working knowledge” of the software.  Sources say that personal and confidential information about donors, including analysis that was run by the party about their personal views, is likely to have been accessed.  They also say that all donors, including those who donated less than £7,500 and therefore did not have to declare their donation to the Electoral Commission, are likely to have had their data breached.  A Labour spokesperson said: “We have been alerted by one of our suppliers, Blackbaud, that they have suffered a data breach. We have reported the matter to the [UK's Information Commissioner's Office] ICO and are working to establish further facts around this situation. We will take any action necessary in line with our statutory obligations.”The UK's Information Commissioner's Office (ICO) had earlier said that at least 125 other organisations had been affected by the breach, including universities and charities.  A spokesperson from the ICO said: "Blackbaud has reported a data breach incident which has potentially affected a large number of UK organisations using its services and we are making enquiries.”"Organisations involved should be getting in touch with their customers to inform them if their personal data has been impacted."Blackbaud, which provides a customer relationship management system for the party, was hit by a ransomware attack in May 2020.The organisation reportedly paid a ransom and has "received assurances from the cybercriminal that the data had been destroyed".