The Labour Party are still refusing - nearly eight months on - to answer Subject Access Requests from party members about what information was lost during a massive data breach back in October last year. 🧵 @allthecitizens / @TheEyeballsEN / @BylineTimes
Following news of a data breach affecting the Labour party, in which a ‘significant quantity of party data’ was rendered ‘inaccessible’, @allthecitizens can confirm that members still haven’t had their requests for information answered by the party.
In a press release following the attack, Labour announced that the data affected included ‘information provided to the Party by its members, registered and affiliated supporters, and other individuals who have provided their information’ labour.org.uk/about-your-dat…
The event affected a third party, Tangent, which handles Labour’s membership data and which fell victim to an attack by an unknown ransomware group.
They locked Tangent out of the database, holding the info hostage until the company agreed to pay... techcrunch.com/2021/11/04/lab…
Tangent refused, so the data was corrupted, rendering it inaccessible.
Labour engaged the National Crime Agency, National Cyber Security Centre, and Information Commissioner’s Office, but it didn't inform affected members until 5 days after the breach. publictechnology.net/articles/news/…
In response, @allthecitizens and @TheEyeballsEN, both formed in the wake of #CambridgeAnalytica, collaborated in Nov to develop a Subject Access Request generator, to help people file automated requests to uncover what specific user data was compromised:
The tool was launched in late November 2021, and included an initial set of over 90 applicants.
Respondents were then asked, after Labour had failed to respond initially, to send a further prompt to the party in January, and once again in mid-April.
Of the 25 applicants who saw the process through to the end, so far not one has recorded receiving a response from Labour.
What’s more, in the months since the breach, the party has failed to communicate what specific data was accessed, or to provide a full breakdown of the info it holds on people.
Shockingly, many of those affected by the breach had left the party years earlier; some had never even joined, having instead made one-off payments to affiliates or signed up for mailing lists.
Speaking to @allthecitizens, one ex-member said that ‘I left the Labour Party in 2016, after they waved through the Investigatory Powers Act - so that’s five years between my leaving and the data breach!’
Others voiced similar concerns and frustrations with the lack of response:
Labour claims its own systems have not been affected, although its membership webpage has been down since it happened. As a result, the party reportedly doesn’t have a complete membership list beyond December 2021.
The loss of accurate membership data also included people who were in arrears with payments. labourlist.org/2022/01/labour…
What’s more, the party have reportedly been advising colleagues to ‘refrain from any public commentary (on social media or otherwise) on this matter’.
Frustrated members have now gone to the Information Commissioner’s Office themselves for answers. skwawkbox.org/2021/11/04/eva…
The ICO, however, while having directed Labour to respond to those requesting copies of their data, has said that “The ICO’s role is to provide an outcome to individuals and we are unable to act as a mediator in these situations.”
The party website states that it can hold information on party members for up to fifteen years (in the case of Electoral Register data), and variously up to 6-10 years for names, addresses, donation values, call notes and correspondence, and profiled data. labour.org.uk/privacy-policy/
Of key concern, given cases like Cambridge Analytica, is the potential for highly sensitive information - financial, constituent, or other identifiable data, specifically current party membership information - to be abused by malicious actors should it fall into the wrong hands.
At least 5 law firms are now looking to take up lawsuits against the party and Tangent, for refusing to engage in the matter, with a firm telling @allthecitizens they already had ‘1000 claimants’
Likewise, every single member who joined our efforts has, as of yet, been ignored.
Meanwhile, we will continue our efforts to find out what data Labour held on its past and present members, and push for greater transparency from them while investigations into the breach are still ongoing.