INM19: Mailboxes of four people rebuilt in data breach

Mediahuis denies responsibility for alleged actions of former chairman Leslie Buckley

n legal documents recently filed in its defence of a claim over the data breach, Mediahuis says the entire contents of the four mailboxes, which included those of former INM chief executive  and its former corporate affairs director, were rebuilt by technical experts. Photograph: Frank Miller/The Irish Times

n legal documents recently filed in its defence of a claim over the data breach, Mediahuis says the entire contents of the four mailboxes, which included those of former INM chief executive and its former corporate affairs director, were rebuilt by technical experts. Photograph: Frank Miller/The Irish Times

Your Web Browser may be out of date. If you are using Internet Explorer 9, 10 or 11 our Audio player will not work properly.
For a better experience use Google Chrome, Firefox or Microsoft Edge.

 

The secret data breach in 2014 at newspaper publisher Independent News & Media (now Mediahuis Ireland) that targeted the communications of the so-called INM19 – 19 people said to be relevant to the business interests of Denis O’Brien – homed in on just four former INM employees who had their entire email accounts reconstructed, the company has disclosed.

In legal documents recently filed in its defence of a claim over the data breach, Mediahuis says the entire contents of the four mailboxes, which included those of former INM chief executive Gavin O’Reilly and its former corporate affairs director Karl Brophy, were rebuilt by technical experts.

It says the mailboxes were then copied onto an encrypted USB drive that was handed over to a contractor with links to Leslie Buckley, Mr O’Brien’s business associate and INM’s former chairman who oversaw the illegal data search.

The company’s email system was also separately searched for information about the INM19, but only the four who previously worked for INM had their entire mailboxes reconstructed, it is suggested.

The company also confirms that the operation was paid for by a company, Blaydon, “of which Denis O’Brien is the beneficial owner”.

Defence documents

In the defence documents filed by Mediahuis Ireland in the case taken against it by Mr O’Reilly and Mr Brophy, the company also admits that it does not know if all the data exposed in the breach has been deleted by “all persons who had access” to the illegally-harvested communications.

Mediahuis Ireland and Mr Buckley are being sued over the data breach by Mr O’Reilly and Mr Brophy, who went on to found communications and lobbying firm Red Flag after they were ousted from INM in 2012 following a corporate battle with Mr O’Brien, who became INM’s largest shareholder.

Mr Buckley, who is separately being sued by Mediahuis Ireland for his alleged role in the affair, has already repeatedly denied all wrongdoing related to the data search, which the Data Protection Commission has found broke the law.

In its defence documents, Mediahuis also denies any wrongdoing and insists it is “a stranger” to why the data breach was carried out and the exact details.

The company denies it caused or facilitated the data search and says it cannot be “directly or vicariously” held liable for the alleged actions of Mr Buckley, who was acting as its executive chairman at the time the data breach was carried out in secret in late 2014, prior to the appointment of a new chief executive.

Cost-cutting

The company says Mr Buckley had been overseeing a cost-cutting exercise in 2014 known as Project Quantum. At the same time, it says access was granted to INM’s back-up IT systems by people known to Mr Buckley, including IT expert Derek Mizak and John Henry, a private security consultant with links to him. Mediahuis says it does not know the extent of Mr Henry’s involvement.

It says UK IT consultants sent a copy of a USB to Mr Mizak’s company with the four reconstructed mailboxes, including those of Mr O’Reilly, Mr Brophy and two unnamed former employees.

It says the UK consultants also carried out the INM19 searches.

Mediahuis says the first it heard of the secret data operation was when the State’s corporate watchdog – the Director of Corporate Enforcement, Ian Drennan – asked for information about it in 2017.

It says Mr Buckley told it that it was related to Project Quantum, but that it discovered that this was not correct in 2018 when Mr Drennan applied for High Court inspectors to investigate INM.

The company denies that Mr Buckley was acting on its behalf or that it was part of a “conspiracy”. It also attempts to apportion blame to Mr O’Reilly and Mr Brophy for any harvesting of their personal data, for using work emails and computers for such use. The company acknowledges that the DPC has already found it to be in breach of the law over the incident.

Mediahuis Ireland, which recently changed its name from INM following the takeover of the business in 2019 by a Belgian group that bought Mr O’Brien’s shares, previously failed with an attempt to stall the case pending the report of the High Court inspectors. Last month, it was given 42 days to file a defence or face having judgment entered against it.