Hackers gained access to confidential information about thousands of Labour party donors, ITV reported today. This security compromise is the result of a wider cyber-attack directed at cloud computing provider Blackbaud, which affected over 125 institutions in the UK, including many universities.
The compromise affected the fundraising and donor management software Raiser’s Edge, which is developed by Blackbaud. A Labour spokesperson told ITV that the party received a notification of the incident from Blackbaud and that the matter was reported to the ICO, with whom the party is working to establish further facts around the situation.
Commenting on the news, Chad Anderson, senior security researcher at DomainTools, said that although this breach is part of a bigger puzzle, the Labour party is encouraged to take all the necessary steps to ensure that any potentially affected parties are informed and provided with security advice to minimise the associated risks.
Jonathan Knudsen, senior security strategist at Synopsys, pointed out that there are two lessons to be learnt from this breach. “First, every organisation is a software organisation, regardless of underlying mission or purpose. The immediate consequence is that every organisation must manage the risk of software misconfigurations, mistakes, and mischief. Every organisation must have a software security awareness, with plans and processes for minimising the business risk that is associated with the software it is using,” said Knudsen. “Second, the Blackbaud incident shows that managing software risk has a larger scope than just one organisation. The software security deficiencies of partner or supplier organisations become your own problems when you depend upon them for delivering products or services,” he concluded.