Anatomy of a Breach

Anatomy of a Breach: UK Labour Party — DDoS Attacks During a General Election Campaign

> series: anatomy_of_a_breach —— part: 131 —— target: uk_labour_party —— method: ddos —— context: general_election_campaign<span class="cursor-blink">_</span>_

Hedgehog Security 30 November 2019 12 min read
ddos labour-party uk-breach general-election democratic-process political-targeting series
Breach #131

A DDoS attack on a political party. During a general election. In the UK.

On 11 November 2019, the UK Labour Party confirmed that it had been the target of a large-scale DDoS attack on its digital platforms. A second, smaller attack followed the next day. The attacks, which occurred during the 2019 UK general election campaign, targeted Labour's website and online campaign tools. Cloudflare, which provided DDoS mitigation for the party, confirmed the attacks were 'large-scale' but were successfully mitigated without significant service disruption.

While no data was stolen and the operational impact was limited, the attacks were significant for their context: a major UK political party was targeted during a general election campaign — bringing the cyber threats to democratic processes documented throughout this series (DNC hack 2016, Philippines COMELEC 2016, UK Parliament email attack 2017) directly into the UK's electoral cycle. The source of the attacks was not publicly attributed, and no group claimed responsibility. The NCSC subsequently strengthened its guidance to political parties on cyber resilience.

Democratic Process Under Threat
Recommended

Not sure where to start?

We'll scope your test for free and tell you exactly what you need. No obligation, no hard sell.

Free Scoping Call

Cyber attacks on elections are now part of the UK threat landscape.

The Labour Party DDoS attacks confirmed that UK democratic processes face the same cyber threats that have affected elections worldwide. From the Russian hack of the DNC (2016) to the Philippines voter data leak (2016) to the UK Parliament brute-force attack (2017), the pattern is clear: democratic institutions and political organisations are cyber targets — whether for disruption, data theft, or influence operations.

Election-Time Targeting
The timing — during an active general election campaign — maximised the potential disruption. Political parties depend on digital platforms for fundraising, volunteer coordination, voter outreach, and messaging. Disrupting these platforms during a campaign creates asymmetric impact. For <a href="/blog/sector-under-the-microscope-local-government">UK local government</a> bodies responsible for election administration, DDoS resilience is a democratic obligation.
DDoS Mitigation Worked
Cloudflare's DDoS mitigation successfully absorbed the attacks without significant disruption — demonstrating that prepared organisations with appropriate DDoS protection can weather even large-scale attacks. Our <a href="/penetration-testing/infrastructure">infrastructure testing</a> assesses DDoS resilience and mitigation strategy.
Attribution Remains Unknown
No group claimed responsibility and no public attribution was made. DDoS attacks are inherently difficult to attribute because they can be launched through botnets, amplification, and proxied infrastructure. <a href="https://www.cyber-defence.io/services/threat-intelligence">UK Cyber Defence's threat intelligence</a> provides attribution analysis for attacks against UK organisations.
All Parties at Risk
While Labour was targeted in this instance, all UK political parties, campaign organisations, and electoral bodies face similar risks. The NCSC issued guidance to political parties on cyber protection during elections. <a href="/cyber-essentials">Cyber Essentials certification</a> provides the baseline security that all political organisations should implement.
Lessons

Democratic processes require cyber resilience.

The Labour Party DDoS attacks established that UK elections face active cyber threats. For political parties, campaign organisations, local authorities administering elections, and any organisation involved in democratic processes, cyber resilience is not optional — it is a democratic obligation. Cyber Essentials provides the baseline. Infrastructure testing assesses DDoS resilience. SOC in a Box provides 24/7 monitoring during high-threat periods. And UK Cyber Defence provides incident response when democratic infrastructure is targeted.

Democratic Resilience

A DDoS attack on a UK political party during a general election. Is your democratic infrastructure resilient?

<a href="/penetration-testing/infrastructure">Infrastructure testing</a> assesses DDoS resilience. <a href="/cyber-essentials">Cyber Essentials</a> provides the baseline. <a href="https://www.socinabox.co.uk">SOC in a Box</a> monitors during elections.

Commission a Resilience Assessment Next: 2019 Year in Review
Next Step

Not sure where to start?

We'll scope your test for free and tell you exactly what you need. No obligation, no hard sell.

Free Scoping Call
Keep Reading

Related Articles

Anatomy of a Breach 30 September 2025

Anatomy of a Breach: Jaguar Land Rover — Manufacturing Halted, Staff Sent Home, and Revenue Hit by Ransomware

Breach #201. In September 2025, UK car manufacturer Jaguar Land Rover (JLR) was hit by a cyber attack that severely disrupted production at its Halewood plant in Merseyside, forcing staff to stay home while the company responded. The incident, reportedly claimed by a group calling itself Scattered Lapsus$ Hunters, prevented car dealers from registering new JLR vehicles — during one of the busiest periods for new car registrations in the UK. JLR subsequently revealed that the attack had a significant financial impact on its revenue. The M&S and JLR attacks together constituted the most damaging year for UK corporate cybersecurity on record.

jaguar-land-rover jlr
13 min read
Anatomy of a Breach 31 May 2025

Anatomy of a Breach: UK Retail Under Siege — Co-op Group and Harrods Targeted in the Same Campaign

Breach #197. In May 2025, the coordinated assault on UK retail continued. The Co-op Group — one of the UK's largest retailers with over 2,300 stores — disclosed a significant cyber attack that affected its retail operations and back-office systems. Harrods — the iconic luxury department store — confirmed it had been targeted in an attempted attack that was intercepted. Coming on the heels of the devastating Marks & Spencer breach, the attacks on Co-op and Harrods confirmed that UK retail was under sustained, coordinated targeting — prompting the NCSC to issue specific guidance to UK retailers on defending against the campaign.

co-op harrods
13 min read
Anatomy of a Breach 30 April 2025

Anatomy of a Breach: Marks & Spencer — DragonForce Ransomware Costs £1.9 Billion and Hits UK GDP

Breach #196. In April 2025, Marks & Spencer — one of the UK's most iconic retailers with over 33,000 employees and an estimated 200,000 in its supply chain — was hit by a ransomware attack attributed to DragonForce, leveraging social engineering techniques associated with the Scattered Spider collective. The attack disrupted online sales, in-store contactless payments, click-and-collect services, and supply chain operations for weeks. The Bank of England confirmed the attack had impacted UK GDP growth. The estimated cost exceeded £1.9 billion ($2.5 billion), making it the most expensive cybersecurity breach in British history. The attack was linked to outsourced IT services, underscoring the supply chain dependency that has defined every major UK retail breach.

marks-spencer dragonforce
16 min read
All Posts Get in Touch