NZ Labour breach should highlight security

New Zealand Labour's failure to protect its membership names and credit card details has important ramifications and lessons.

New Zealand Labour's failure to protect its membership names and credit card details has important ramifications and lessons.

A few years back, the British National Party suffered a leak, and its members were "outed" as their names were posted online.

The calamity for some was that membership of this organisation, though legal, is not allowed for certain jobs in the UK; for instance, the police and the army. I think some got fired.

Of course, the New Zealand Labour Party is not at all like the "extremist" BNP, which differs considerably from its "mainstream" namesakes that we have in our countries, but being exposed as being politically active could cause embarrassment to those in certain roles, such as working in particular government jobs, where political neutrality is expected.

I doubt that anyone will be fired, but there will be much embarrassment to some members should their affiliations be exposed. Many will be relieved that blog owner Cameron Slater now says that he won't release all of the 452 names that he had earlier threatened.

However, while he will leave the "ordinary" members alone, claiming that they have the right to privacy with their political donations, you should expect some people to face embarrassing exposure eventually.

There is a campaign element, too. Labour has mastered the art of using people to write letters to newspapers or appear on TV as ordinary independent Kiwis opposed to some government policy. Now that Whale Oil knows who they are, expect these "independents" to be outed, should they claim to be something that they are obviously not.

Then we get to the credit card details issue. Despite the fact that Labour claims they were safe, many commentators from the technical community agree with Slater that with the website being '"open" for some months, some unsavoury people in exotic places just might have taken advantage.

Labour's incompetency over its own poor security might make some people more wary of buying online. As a regular buyer, I certainly hope that Groupon is much more competent with its security.

While I expect security software companies to hype up the threat, I am sure that Symantec will feel vindicated by claiming security/cyber attacks to be the number one IT issue in New Zealand.

Indeed, just days before the Whaley-leaks story broke, the New Zealand government announced a new cybersecurity centre to help protect its agencies from hackers.

Hopefully, all organisations who have membership databases, or who take people's money online, have been reminded of what they need to do.