Leaflet left on my green bin last week from Panda Recycling. Surely “capturing and registering each picture to customer account” of green bin must violates some sort of privacy regulation. Boxes, packaging: brands, items you bough, labels, documents…?
From top (from left): former chairman of INM Leslie Buckley; INM’s largest shareholder Denis O’Brien; IT expert Derek Mizak; former INM CEO Robert Pitt
There were a number of developments in the INM data breach story over the weekend.
Earlier this year, the Office of the Director of Corporate Enforcement (ODCE) asked the High Court to appoint inspectors to investigate Independent News and Media (INM), the largest shareholder of which is Denis O’Brien, following protected disclosures made to it by former Group CEO of INM Robert Pitt and former Group CFO Ryan Preston.
This was granted by Mr Justice Peter Kelly in the High Court in September with Justice Kelly appointing Richard Fleck and Seán Gillane to investigate the claims.
An affidavit filed by ODCE director Ian Drennan claimed data involving 19 listed people was removed from the company’s premises in October 2014, taken out of the jurisdiction and “interrogated” by at least six companies external to INM.
IT expert and director of the information security and digital forensics firm DMZ IT Derek Mizak was allegedly involved in this interrogation, along with Trusted Data Solutions (TDS), an American company based in Wales.
The list included Jerry Healy SC and Jacqueline O’Brien SC (both of whom acted as counsel for the Moriarty Tribunal) as well as former INM board members and employees Karl Brophy, Mandy Scott, Vincent Crowley, Donal Buggy, Joe Webb and James Osborne; journalists Sam Smyth, Maeve Sheehan, Brendan O’Connor; and public relations executive Rory Godson.
Approximately €60,000 was paid by Blaydon Limited, an Isle of Man company owned by Denis O’Brien, to Trusted Data Solutions, according to Ian Drennan, the Director of the Office of Corporate Enforcement, in relation to this alleged interrogation.
Separately, the Office of the Data Protection Commissioner (ODPC) also announced earlier this year that it would also investigate the alleged data breach at INM.
Yesterday, in the Sunday Business Post, Tom Lyons reported that the ODPC will now widen its investigation into INM to include matters beyond the timespan of the alleged breach.
Mr Lyons reported the ODPC will specifically look at why, in 2015, hard drives of up to six editors in INM were allegedly taken by INM in the middle of the night and copied before being returned to the journalists’ desks before they got into work – while using software to hide the fact data had been copied.
Mr Mizak was also involved in this alleged action.
Mr Lyons reported:
“The decision to search the six computers was requested by INM’s then chief executive Robert Pitt, who was trying to identify who had leaked a memo that his personal assistant had sent to editors. The memo ended up being reprinted verbatim in the Phoenix magazine.
“Pitt is understood to have asked that all data be kept on site in INM, and that only the memo be looked for. However, Derek Mizak, a computer expert who carried out the operation with the aid of INM’s own IT team, gives a different version of events. He describes various interactions with Pitt, which INM’s former chief executive is believed not to recall.
Mr Lyons added:
“Pitt is one of two whistleblowers relied on by the ODCE when it successfully argued that High Court inspectors should be appointed to INM. Why the 2015 incident has not emerged in any affidavit to date is unclear.”
In addition, back in 2013, (before Pitt was INM’s CEO) INM’s then chairman Leslie Buckley asked Mizak for a report on emails that were allegedly being sent by a number of INM members – including former head of corporate affairs at INM Karl Brophy and former CEO of INM Gavin O’Reilly – to their private email addresses.
Mr Lyons noted:
“There is no suggestion of wrongdoing in anyone forwarding INM emails to their private addresses, and the media group never took any action as a result.”
Of this work allegedly carried out by Mr Mizak, Mr Lyons reported:
“INM did not ask for an invoice from DMZ. Neither did DMZ bill the listed media company. No written instruction setting out what work DMZ was to do was ever produced. Notes were taken, but these were destroyed afterwards by DMZ as was its practice when jobs concluded.”
Mr Lyons reported that INM declined to respond to questions as to why “it had not told the High Court so far about all of its interactions with Mizak”.
He also reported:
“INM is on notice from a number of parties who wish to find out what happened to their data, including Brophy, [Joe] Webb, Gavin O’Reilly and the journalist Sam Smyth.
“A number of former staff, including various journalists, have also written to the company to try and find out if their data was looked at. Much remains to unravel as the ever more disturbing investigation rumbles on.”
Almost 62,000 applications for access to landline, mobile phone and internet data were made to companies providing services to the Irish public by State authorities in a five-year period.
An Garda Síochána made almost all of the requests, security sources have told The Irish Times.
…The information received for the five-year period to the end of 2012 has been made available by the Irish authorities to the European Commission. Between 2008 and 2012 the number of applications for data reached 61,823; a rate of more than 1,000 a month. Of those, 98.7 per cent were granted.
… In 2012, half of the requests made by the Garda and other agencies such as GSOC, Defence Forces and Revenue Commissioners related to mobile phone records. The remaining applications for data were split roughly evenly between landlines and internet services.
Infographic Natives, in association with the Ring of Kerry Charity Cycle, is asking cyclists to submit their anonymous GPS data to transform them into one stunning data visualisation as a record of our combined efforts on the day.
The Ring of Kerry Charity Cycle takes place on July 4th, starting in Killarney.