A short note on Labour’s cyber breach. Sienna Rogers at Labour List reports on the third-party victim of Labour’s cyber breach. The software is, I believe, provided by Blackbaud, who usually provide this as software-as-service, and have been previously attacked, but Rogers states the system is run by Tangent, which I believe to be a trading name for Tangent Marketing Services. This article in the Guardian (HTML / .PDF) reports (2007) on Labour’s award of the contract and identifies Michael Green as the supplier CEO, although his Wikipedia page suggests he’s moved on; he is still registered as a Director at Companies House, although the last set of annual accounts states he has resigned. Labour’s General Secretary at the time was Peter Watt, whom Wikipedia quotes the BBC as saying resigned “following the revelation that a property developer made donations to the party via three associates”. Tangent also appointed an ex-Party Director of Communications, Paul Simpson (HTML / .PDF), as its account manager for the Labour Party in 2009, although he left 4 years later.
This story adds to the questions that need to be answered, one of which is why the software and its run time contract have been in place for so long. Has it been market tested? Are the terms and conditions still appropriate?
When the leak was first reported, I wrote a piece on IT Vendor Management (also on my blog) and posed some questions. I also wrote a short piece on Cyber-security and the NIST Cyber-security framework. In the first of these articles I described what a decent vendor management policy looks like, and how the use of international standards on IT security (ISO 27001) and governance (COBIT) would help, as would having a National Executive Committee properly equipped, trained and interested.
Amended to clarify the status of Michael Green.