Sam Boal via
Data Breach

INM has written to individuals who may be affected by alleged data breach at company

The letter also details former chairperson of INM Leslie Buckley’s involvement in the breach.

INDEPENDENT NEWS AND Media (INM) has written to the individuals who may have had their data searched, along with other INM information, in the midst of an alleged data breach at the company.

INM said in the letter, which has been seen by, that information was provided “to a third-party service provider under the instruction of the then Chairman of INM”.

In a statement last week, INM’s former chairman Leslie Buckley said: “I will continue to cooperate fully with the ODCE and will robustly defend my position against each and every allegation.”

Text messages sent to Buckley, published in the Irish Independent last week, reveal almost 40,000 emails of Joe Webb, former INM Ireland chief executive, may have been sourced during this alleged data interrogation. These emails reportedly go back as far as 1999.

It was revealed last week that the group’s IT system back-up tapes may have been removed from its premises. It is alleged that data, including the names of a number of journalists who worked for the company, was searched by a third-party company called Trusted Data Solutions.

The Office of the Director of Corporate Enforcement (ODCE) – the State’s corporate governance watchdog – has applied to the High Court to appoint inspectors to investigate corporate governance at the media group. Since then, details of the ODCE affidavit have leaked through media outlets, including INM titles.

The letter to those involved

In the letter, INM said that “prior to receiving the court papers from the ODCE in respect of the court application”, INM understood “from the persons directly involved” that the data was searched “for the specific purpose of seeking details regarding and terms and value for money of a particular long-term contract for professional services between INM and a service supplier”.

However, the letter said that the materials provided on 23 March by the ODCE suggested that the data may have been searched “more extensively and for a different purpose”.

The letter said: “In particular, the materials provided by ODCE include a list of names of ‘additional users/persons of interest’, including your name.

“This suggests that the data recorded on these back-up tapes may also have been restored and searched for communications including reference to you.”

INM said that it does not know whether any such searches were undertaken or for what purpose. However, it said that “based on the limited information currently available to INM it seems possible that they were”.

“INM also does not know to whom any results of any such searches might have been provided,” the letter said.

‘Unauthorised disclosure’

In the letter, INM goes on to confirm to the individuals that “information relating to you may have been put at risk of unauthorised disclosure”.

It said that the data may have consisted of references to the individual in emails and digital files at INM servers and on related back-up tapes as of October 2014.

“We are co-operating with the Office of the Data Protection Commissioner in relation to the matter,” the letter said.

It went on to say that INM will update the individual “regarding our investigation and particularly if it transpires that personal data relating to you was the subject of unauthorised disclosures”.

INM told that it has no comment to make.