Labour accuses Keir Starmer campaign team of data breach

Image copyright
Getty Images

The Labour party has formally reported members of Sir Keir Starmer’s leadership campaign team to the Information Commissioner, accusing them of hacking into the party’s membership database, the BBC has learned.

The allegations were made against two members of Sir Keir’s team – one of them is his compliance official.

They were passed to the Information Commissioner’s Office on Thursday.

Sir Keir and his team said the claims were “utter nonsense”.

The allegations are serious, and the confrontation has engulfed the campaign in bitter recrimination.

The Information Commissioner’s Office (ICO) is the UK’s independent body set up to uphold information rights and enforce data protection legislation. The watchdog has the power to fine any organisation found to have misused data in any way.

The ICO has confirmed it had received a report of a membership database breach, and would make inquiries.

‘Nonsensical’

But I understand from multiple sources the Starmer team members were accused of what’s called “data-scraping” – seeking to obtain certain information from a wider set of data.

Late last night, Sir Keir wrote to the party flatly denying any wrongdoing by his team members.

He insisted they were investigating a means of penetrating the database – called Dialogue – with no intention to use it.

Supporters of Sir Keir, who currently has the support of twice as many local Labour parties than any other candidate, have suggested they were now victims of a politically motivated effort to damage him and his campaign.

Jenny Chapman, the former Labour MP who is chairing Sir Keir’s campaign, said no-one on the team had the “capacity” to hack into any of the party’s databases and “they wouldn’t do it anyway”.

Media playback is unsupported on your device

Media captionJenny Chapman on data breach claims: “It’s utter, utter nonsense”

“It’s a very serious accusation and that is why I am here to defend it,” she told BBC Radio 5live’s Pienaar’s Politics. “This isn’t even a situation where you say ‘some over-enthusiastic young volunteers may have done it’. It didn’t happen.”

Ms Chapman suggested the allegations had only surfaced after her team had alerted Labour officials last week to what they believed was potentially a “very serious” data protection breach by the rival campaign of Rebecca Long-Bailey.

It emerged last week that Ms Long-Bailey’s campaign circulated links to volunteers capable of allowing them access to Labour Party phone banks. The campaign said it acted innocently but Ms Chapman said she believed “something wrong” had taken place.

“We wrote to the Labour Party… and we thought that was the end of it as far as we were concerned. And the next thing you know, a couple of people on our campaign get letters saying ‘actually we think you have done something wrong’.

She added: “Labour members want a fair contest. Whoever decided to send these threatening letters to people on the Starmer campaign and then leak it to the BBC are not really doing the Labour Party or their preferred candidate any favours.”

Labour said it had written to Sir Keir and his three leadership rivals to “remind them of their obligations under the law and to seek assurances that membership data will not be misused”.

“The Labour Party takes its legal responsibilities for data protection – and the security and integrity of its data and systems – extremely seriously.”

It emerged last week the rival campaign of Rebecca Long-Bailey had circulated links to volunteers capable of allowing access to the membership database – her team say done innocently.

Under the party’s leadership rules, any candidate who makes it to the final stage of the contest later this month will be entitled to receive details of party membership and registered supporter lists, containing names, telephone numbers and postal addresses.

Sir Keir, Ms Long-Bailey and Lisa Nandy have already qualified after getting sufficient support from trade unions and other bodies affiliated to the party. Emily Thornberry has yet to do so.

It is understood all the eligible candidates are being required to provide guarantees that the information will be stored securely and processed lawfully before it is given to them.