Talk about spinning like crazy.
Labour is appealing to the privacy commissioner about lists of supporters and donors falling into the hands of a right-wing blogger….
President Moira Coatsworth said the party discovered on Saturday that there had been a potentially “malicious” breach of the database. An investigation revealed within hours that there was a “system vulnerability” that allowed Slater to access the details.
The database included details of several hundred donors but Ms Coatsworth said no credit card details were held on the site.
There are several things wrong with this picture
- Saying that there was a “system vulnerability” implies one single chink in their security armour. In reality, they had no security worth mentioning.
- There was no “breach” of the database. That implies that someone actually hacked into their operational database instead of what actually happened – that they left a copy of their data in a public place. The difference between those two things is a CIA mission and picking up something left on a windowsill (and one that can be seen from the road at that).
- There’s an implication that they detected a security issue and leapt into action. In reality, this directory has been open for (potentially) months, and this data has almost certainly been picked up by various hackers long before Slater alerted them to their issues. To give you an idea of how common hacking is on the internet, 6 years ago when I was on dial up, I had a program that warned of malicious attacks. It would alert on average every 10 minutes. This data is long gone.
- And finally, it’s pretty cheeky to call the privacy comissioner when they are the ones who put others information into the public domain. It was their responsiblity to keep this data secure. The fact that the data ended up in Slater’s hands is neither here nor there, the point is that it was publicially accessible.