Just one formal complaint has been made to the Data Protection Commissioner in relation to the theft of personal data belonging to 2,000 members of the public from a Fine Gael website.
Two investigations are underway, one by the commissioner’s office and one by gardai, following the hacking incident on Sunday night.
The FBI has also been notified of the data breach because the party’s site was hosted in the United States.
A file containing personal information – including IP addresses, mobile phone numbers, e-mail addresses and comments left on the website by some 2,000 members of the public – was forwarded to the media by e-mail from someone purporting to belong to the Anonymous group connected with Wikileaks.
Information security experts have, however, cast doubt on this claim.
The sender claimed the site was attacked because comments submitted “were being censored”. This was disputed by Fine Gael, which said the comments were merely being moderated for profanity, abusive language or continuous party political attacks.
Assistant Data Protection Commissioner Diarmuid Hallinan confirmed today his office had been contacted by some members of the public after the data was compromised. Just one formal complaint has been made.
The Data Protection Commissioner’s office is not expected to comment further while the investigation is ongoing. Fine Gael has confirmed it is cooperating with all the authorities examining the security breach. It contacted gardaí yesterday after media outlets received the e-mailed database purporting to come from online activist group Anonymous.
The attack took place between 8pm and midnight on Sunday and the following message was posted by the hackers: “Nothing is safe, you put your faith in this political party and they take no measures to protect you. They offer you free speech yet they censor your voice. Wake up!”
Another anonymous email today appearing to be from the same sender said the information had been taken from the Fine Gael site “as proof that it could be done”.
The mail said all copies of the data base taken from the Fine Gael server had been “securely destroyed”.
“We had no intention of passing them on to anyone other than the media in this instance, so the users whose data had been compromised should not be afraid that they will be targeted for spam email,” the message said.
The message purporting to come from the hackers said they were “not interested in doing lasting damage or distorting the views of the public, as can be seen by the fact we even backed up your database on your server”.
“We merely did this, to highlight the lack of security on a server you proclaimed to be secure.”
The purported hackers added that protesting “censorship of comments (i.e. blatant dishonesty) was secondary to this”.
It said the party should, if it decided to “harvest” its supporters’ personal information in the future,“secure it adequetely and future incidents like this can be avoided - the next person who tries may be far more malicious”.
The email also suggested that in future the party should use “an Irish web hosting service to support “the local economy”.
A spokesman for Fine Gael said the party was doing "everything we can" to help the various authorities with their inquiries.
Fine Gael's website, relaunched just last week as part of the party's strategy to attract comments and ideas from members of the public, remains down with a message notifying those accessing it about the hack.