The UK Labour party suffered what it described as a “sophisticated and large-scale cyber attack” on its digital platforms on Monday, it has revealed.
The party said it was confident that its security systems prevented any data breach but said it had reported the attack to the National Cyber Security Centre, part of the UK’s communications and signals intelligence service GCHQ.
Speaking at an election campaign event in Blackpool, north-west England, the Labour leader Jeremy Corbyn said: “If this is a sign of things to come in this election, I feel very nervous about it all because a cyber attack against a political party in an election is suspicious and something one is very worried about.”
He added that the party was investigating who may have been behind the attack.
According to party and security officials, the incident was a distributed denial-of-service attack — where vast volumes of data are directed at computer servers overwhelming them and causing websites to slow down or crash.
But while a malicious denial of service attack can be effective it is considered by cyber experts to be relatively unsophisticated. Attribution may be more difficult compared with other types of cyber attack, security officials said.
The BBC quoted a Labour party “source” who said the attack could have come from “Russia or Brazil”, but security officials said there was no evidence at this stage that the attack had come from a hostile state such as Russia.
The incident nevertheless underlines the nervousness around possible cyberattacks during the general election. In recent weeks the NCSC has briefed all the main political parties on the threat posed to the election and campaign teams by cyber attackers.
Last year the UK joined the US in attributing the 2016 hack on the Democratic National Committee to Russian military intelligence.
Niall Sookoo, Labour’s executive director of elections, wrote to campaigners to explain why systems were working slowly on Monday.
“Yesterday afternoon our security systems identified that, in a very short period of time, there were large-scale and sophisticated attacks on Labour party platforms which had the intention of taking our systems entirely offline,” he wrote.
“I would like to pay tribute to all the teams at Labour HQ who identified this risk and acted quickly to protect us.”
In a statement, the party said: “We have experienced a sophisticated and large-scale cyberattack on Labour digital platforms. We took swift action and these attempts failed due to our robust security systems.
“Our security procedures have slowed down some of our campaign activities, but these were restored this morning and we are back up to full speed.”
Separately The Times revealed on Tuesday that Labour had published the names of people who had donated through its website in what could — according to experts — be a breach of the EU’s General Data Protection Regulation rules.
