2,000 affected in Fine Gael data breach (update2)
Last week, I posted a news story on PogoWasRight.org that discussed whether the web site of an Irish political party, Fine Gael, might be breaching privacy laws. In a separate development, it seems that the site has now had a security breach:
Fine Gael has confirmed that the contact details of just under 2,000 people were compromised in the attack on its website last night.
The party contacted the office of Data Protection Commissioner Billy Hawkes following the website attack, which is investigating.
It also contacted the Garda Computer Crime Unit in relation to the incident.
In a statement, Fine Gael said it had this morning emailed all of those affected to notify them.
The Fine Gael website was forced offline last night after hackers attacked it removing the content and posting a message referring to censorship by the political party.
Read more on RTÉ. Fine Gael has attributed the attack to Anonymous Group, who they describe as a “professional” group of hackers. Here’s the relevant part of the statement:
Last night, we regret to report, the Fine Gael website was professionally hacked. The group that participated in this attack called themselves the Anonymous Group. This group has been associated with the Wikileaks investigation and attacks on companies such as Visa, MasterCard and Amazon. The attack occurred from 8.00pm to 12.00am last night.
We were alerted this morning that the Anonymous Group was able to secure the database of the information submitted by members of the public during the previous week. This affected just under 2,000 subscribers.
The Irish Times reports:
The website was hacked between 8pm and midnight last night and the following message was posted by the hackers: “Nothing is safe, you put your faith in this political party and they take no measures to protect you. They offer you free spech yet they censor your voice. Wake up!”
Personal information – including IP addresses, mobile telephone numbers, email addresses, and comments left on the Fine Gael website by some 2,000 members of the public – were then forwarded to the media by the “Anonymous Group”, which claimed responsibility for hacking the website.
The group said it had attacked the site because comments submitted “were being censored”, which, the statement said, “was terribly dishonest”.
Update: Irish Central now reports that the number of affected is 4,000.
Update 2: Brian Honan discusses the incident on his blog and raises a great question:
One question I have not seen anyone ask nor heard any information on is why was the database containing the personal details not encrypted? Information relating to a person’s political beliefs is deemed as sensitive data under the Data Protection Act. Any sensitive data that is accessible from the Internet should have the appropriate security controls to protect it implemented and properly tested to ensure that they are working as designed.
His update also alerted me that the number is now back down to 2,000.[Link to Brian Honan’s blog entry corrected]