Members of Sir Keir Starmer MP’s team campaigning for the Labour leadership have claimed that they were performing penetration-testing on a database following party complaints that the campaign may have violated data protection laws.
The Labour Party officially reported two members of Starmer’s campaign team to the Information Commissioner’s Office (ICO) over the weekend, alleging they engaged in ‘data scraping’ from a central database.
The leadership candidate wrote to party members, however, denying any members of his team engaged in wrongdoing, according to BBC News, instead suggesting they were undergoing a process of pen-testing.
The members allegedly combed through the central party database, known as Dialogue, in order to obtain a subset of information about members in order to make calls for campaigning purposes.
Starmer has argued they were investigating the database for possible means of intrusion, however, in a letter addressed to party members.
“We categorically reject these nonsensical allegations and are incredibly disappointed that they have been leaked to the media,” a spokesperson from Starmer’s campaign told IT Pro.
“We are still awaiting the party’s formal response to the serious concerns we and others had about access to Labour Party membership data.”
Jenny Chapman MP, who is organising Starmer’s leadership campaign, branded the allegations as “utter, utter nonsense” and suggested the incident didn’t happen.
“This isn't even a situation where you say 'some over-enthusiastic young volunteers may have done it'. It didn't happen,” Chapman told BBC Radio 5 Live.
"We wrote to the Labour Party, and we thought that was the end of it as far as we were concerned. And the next thing you know, a couple of people on our campaign get letters saying 'actually we think you have done something wrong'.”
"Labour members want a fair contest. Whoever decided to send these threatening letters to people on the Starmer campaign and then leak it to the BBC are not really doing the Labour Party or their preferred candidate any favours."
How targeted simulations differ from penetration tests and vulnerability scanning
Stay one step ahead of cyber attackers
The ICO confirmed that it had received reports of a data breach from the Labour Party in relation to the membership database, and that it would be investigating the allegations.
Chapman added that the leadership campaign of Starmer’s key rival, Rebecca Long-Bailey MP, had similarly engaged in a concerning breach of data protection rules recently.
She accused the rival campaign of having linked supporters to a database of the central Labour Party’s phone bank through emails last week. The team for Long-Bailey suggested this was done as a mistake.
The fact that serious data protection allegations have been launched against the key front-runners for Labour leadership raises concerns over whether those behind them truly understand the nature of data protection laws.
The Labour Party had previously reported a data breach to the ICO in February last year after a handful of MPs resigned their membership to join the Independent Group (TIG). The party had accused the former MPs of improperly accessing party systems to contact party members after their resignation.
