FG site data breach investigated
Personal details of up to 2,000 people who submitted comments to the Fine Gael website were compromised in a cyber attack last night.
Gardaí and the Office of the Data Commissioner have opened separate investigations into the matter. Fine Gael notified the Garda Siochana of the attack this morning.
The Garda's computer crime investigation unit, which is a part of the fraud unit, has undertaken to investigate the alleged theft of data from the website.
Separately, Assistant Data Commissioner Diarmuid Hallinan confirmed his office was notified of the breach by Fine Gael this morning and was also investigating.
The focus of the regulator's investigation is to ensure that "appropriate safeguards" are put in place by the party to ensure the safety of personal data it holds, and to ensure it takes precautions to resist future hacking attempts.
The attack happened after the party changed its main website finegael.ie last week and replaced it with finegael2011.ie in anticipation of the expected general election.
Emblazoned with the Enda Kenny-attributed quote “One of the big failings of politicians is that they talk too much and don’t listen enough”, the website invited readers to submit comments along with contact details.
The website was hacked between 8pm and midnight last night and the following message was posted by the hackers: "Nothing is safe, you put your faith in this political party and they take no measures to protect you. They offer you free speech yet they censor your voice. Wake up!"
Personal information - including IP addresses, mobile telephone numbers, email addresses, and comments left on the website by some 2,000 members of the public - were then forwarded to the media by the "Anonymous" group, which claimed responsibility for hacking the website.
The group said it had attacked the site because comments submitted "were being censored", which, the statement said, "was terribly dishonest".
A notice published on the Fine Gael website this morning said the site had been suspended following the attack. Fine Gael said the group responsible is associated with the Wikileaks investigation and recent hacking attacks on Visa, Mastercard, and Amazon.
In a statement issued this afternoon, Fine Gael said it has contacted those members of the public who have been affected by the security breach, and has notified the Garda of the incident.
Finegael2011.ie was launched last Tuesday as a platform where members of the public could contribute to the political debate in the run-up to the expected general election.
Concerns were raised last week over Fine Gael’s failure to publish a privacy statement on the site and the Data Protection Commissioner’s office confirmed that it made contact with the party over the matter.
Organisations are obliged by law to publish information on how they apply data protection principles to information they collect and failure to do so can result in legal proceedings and a fine of up to €100,000 upon conviction.
The site is hosted by US firm ElectionMall Technologies and the legality of personal data that was collected on the site being processed in the US was also questioned.
The party told the Irish Times last week that data on the site was “absolutely secure” and protected under a “safe harbour framework” with the US.