The Twitter account of Arron Banks, the founder of Leave.EU the pro-Brexit campaign, has been hacked.
In what appears to be a targeted attack, thousands of his private messages were uploaded to the internet.
In a statement, Mr Banks confirmed that his account had been hacked and that personal data had been obtained and posted illegally via Twitter.
“Twitter were notified 12 hours ago and despite repeated requests they have not taken action to deactivate the account or remove the illegal data downloads. Despite the obvious lack of security at Twitter relating to personal data, they have deliberately chosen to leave personal data in the public domain.”
The data had been made available in the form of a link to download, though the original file is no longer online.
Law enforcement have been notified, and the hacker, if caught, could be prosecuted under the Computer Misuse Act.
Tim Turner, data protection consultant commented that even if Arron Banks was using Twitter in a “private capacity rather than as Leave.EU, the data was misappropriated from Twitter and that likely engages the Data Protection Act.”
Turner added: “There are public interest defences for using unlawfully obtained data, but that requires a journalist or other person to gamble that they can successfully argue that the public interest supports whatever use they make of it.
“You cannot know for certain that the public interest will back up any particular course of action; a person would have to act first, and see what follows.”
In February 2019, Leave.EU and an insurance company owned by My Banks were fined £120,000 for breaching data protection laws.
Journalist, Carole Cadwalladr explained that prior to this, Banks has shown much contempt for the ICO and UK data laws, therefore this incident will give him a chance to reflect on the need for such laws to be put in place and regulated.
Twitter released a statement: “We have taken steps to secure the compromised account. We will continue to take firm enforcement action in line with our policy which strictly prohibits the distribution on our service of materials obtained through hacking.”
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/