INM claims its alleged data breach happened 'under the instruction' of its ex-chairman
A letter from the publisher was sent to those believed to have been affected by the email trawl.
IRELAND’S LARGEST PUBLISHER, Independent News and Media, has said that staff data allegedly sent to a third-party firm for interrogation was shared on the order of its former chairman, Leslie Buckley.
The company has written to several individuals who may have had their data searched as part of the alleged information breach at the firm.
INM said in the letter that information had been provided “to a third-party service provider under the instruction of the then chairman of INM”, a reference to Buckley.
Text messages sent to Buckley, published in the Irish Independent last week, reveal that almost 40,000 emails from Joe Webb, INM Ireland’s former chief executive, may have been sourced during the alleged data interrogation.
The Office of the Director of Corporate Enforcement (ODCE) – the State’s corporate governance watchdog – has applied to the High Court to appoint inspectors to investigate the media group.
Since then, details of the ODCE affidavit have leaked through media outlets, including INM titles.
It was revealed last week that back-up tapes from the group’s IT system were allegedly removed from the company’s premises and handed to another firm, Trusted Data Solutions, for searching.
It is claimed that the list of records to be searched included former company executives and several people connected with the Moriarty Tribunal, which investigated the awarding of the State’s second mobile phone licence to INM’s largest shareholder, Denis O’Brien.
In a statement last week, Buckley, a longstanding business associate of O’Brien, said he would “continue to cooperate fully with the ODCE and will robustly defend my position against each and every allegation”.
The letter to those involved
In its letter, INM said that “prior to receiving the court papers from the ODCE” it understand from those involved in the data probe that the search was ”for the specific purpose of seeking details regarding and terms and value for money of a particular long-term contract for professional services”.
However, the letter said that the materials provided on 23 March by the ODCE suggested that the data may have been searched “more extensively and for a different purpose”.
The letter said: “In particular, the materials provided by ODCE include a list of names of ‘additional users/persons of interest’, including your name.
“This suggests that the data recorded on these back-up tapes may also have been restored and searched for communications including reference to you.”
INM said that it does not know whether any such searches were undertaken or for what purpose. However, it said that “based on the limited information currently available to INM it seems possible that they were”.
“INM also does not know to whom any results of any such searches might have been provided,” the letter said.
‘Unauthorised disclosure’
In the letter, INM goes on to confirm to the individuals that “information relating to you may have been put at risk of unauthorised disclosure”.
It said that the data may have consisted of references to the individual in emails and digital files at INM servers and on related back-up tapes as of October 2014.
“We are co-operating with the Office of the Data Protection Commissioner in relation to the matter,” the letter said.
It went on to say that INM will update the individual “regarding our investigation and particularly if it transpires that personal data relating to you was the subject of unauthorised disclosures”.
INM has been contacted for comment.
Reporting by Hayley Halpin and Peter Bodkin