Analysis comment

Video: expert advice on Labour’s massive data breach and what to do about it

Qualified litigator Glynis Millward gives the facts about Labour’s ‘significant’ breach and what those affected need to do about it

Earlier this month, Labour lost control of sensitive data affecting a huge number of current and former members to criminals after outsourcing the information to an as yet unnamed third party for processing, despite its website telling members and others that the party would never give their information to anyone else.

General secretary David Evans told victims not to talk about it. National crime and security agencies are involved.

On Sunday, qualified litigator Glynis Millward – whose own case against the Labour party saw then-general secretary Iain McNicol’s lawyers make a flustered call to beg her to withdraw – told viewers of the Not the Andrew Marr Show that it was clear that the scale of the breach was ‘significant’ and that Labour has a ‘cavalier’ attitude to the security of people’s information.

And she told those affected what they need to do, when the Information Commissioner routinely gives Labour a free pass, to hold the party to account for its actions:

Hundreds of thousands are believed to have been affected, despite the party’s refusal so far to say what was lost and by which company. If you are one of them, you now know what to do to make Labour answer for its conduct.

SKWAWKBOX needs your help. The site is provided free of charge but depends on the support of its readers to be viable. If you can afford to without hardship, please click here to arrange a one-off or modest monthly donation via PayPal or here to set up a monthly donation via GoCardless (SKWAWKBOX will contact you to confirm the GoCardless amount). Thanks for your solidarity so SKWAWKBOX can keep bringing you information the Establishment would prefer you not to know about.

If you wish to republish this post for non-commercial use, you are welcome to do so – see here for more.


    1. NO! Don’t just “wait and see”

      watch the video and do what Glynis advises,

      First and foremost write to Labour Party and formally ask what data do they hold on you – who is the 3rd party that passed the data on to and why was it give to them. Give them 30 days to respond with a 10 day reminder there after. Keep records of all correspondence of failure to respond.

      Join the Victims of Labours Data Breach

      “Wait and see” and you will be waiting for ever

      1. Hundreds of people on twitter have written to Labour. The vast majority have heard nothing. Those that have heard back have not received answers to their questions.

      2. Also, when you write to them they ask you to send photo ID before they will have a conversation with you.

      3. Thank you for the information
        Is there a non-FB place to join a group organising for the victims of the Labour Party Data Breach? If so where?

  1. That was brilliant, yesterday. Lots of very useful what to do, and what not to do.

    Glynis Millward was a mine of information.

    Thank you, Glynis.

  2. Mr Super Duper Mossad Spy tech guru is a bit shit ain’t he!?
    Was it Moses’ Staff Perhaps?

    1. Nice to see you posting again Skellynelly…Have you been effected by this Labour party fiasco,because I have despite having left the Labour party just after the illegal election of the knight.

  3. One are that’s highly unethical and borders on legality, is the number of members suspended following Labour trolling through their social media accounts or spying on them or having information passed to them via CLP Zoom meetings..

    Lawyers need to be holding the feet of Evans & Starmer to the fire..

  4. The Labour Party have published further details about the ‘data incident’

    Blackbaud data breach – The Labour Party

    You may have heard that one of our suppliers, Blackbaud, has suffered a data breach. The Labour Party takes its responsibilities regarding data security very seriously and this notice is intended to provide further information about this situation.
    What happened:
    Blackbaud have notified the Labour Party that they have been the victim of a sophisticated ransomware attack, which occurred sometime between February and May this year. During this time, a backup file containing personal information was stolen by a cybercriminal. It is important to immediately note that no sensitive information, such as bank account information, passwords or usernames, was taken. Blackbaud have also confirmed that they have paid the ransom demanded by the cybercriminal and have received assurances that the data was destroyed as a result.
    Blackbaud have confirmed to us that the following personal data was affected:

    Email addresses
    Telephone numbers
    Amounts donated to the Labour Party

    We have been assured by Blackbaud that their security experts have fully investigated the attack and are in constant contact with the Information Commissioner’s Office (“ICO”) about the situation.
    Actions the Labour Party has taken
    The Labour Party has launched its own investigation and is working closely with Blackbaud, as well as our Governance, Legal, Data Protection and IT teams to gather more information about the breach. We will take any measures necessary to protect your data and are working to contact individuals we know have been impacted as soon as we can. In line with our data protection obligations, we have also notified the ICO about this breach.

    What you need to do
    While there is no action you need to take at this time, if you do become aware of any suspicious activity or suspected identity theft, you should notify the proper law enforcement authorities.
    If you have any questions in relation to this notice, you can call 0345 092 2299.
    We very much regret the concern or inconvenience caused as a result of this news. We will be in direct contact with individuals specifically impacted by the breach in the coming days.

Leave a Reply

%d bloggers like this: