The aftermath of the intern data leak?

[stealthsquirrelnutkin]

Has anything has been done to tighten security in compliance with law after the incident in April when the paid intern doxxed the women of FWR and drove so many Feminists off the site?

www.theguardian.com/media/2018/apr/19/mumsnet-reports-itself-data-regulator-transgender-rights-row-ip-addresses-posted-twitter

Did anything happen to the intern herself? Or did she get off scot-free?

Got off scot free. There was mention of 'a talking-to' and how she was so sorry.

This kind of sorry, I suspect

Didn't MN report themselves? Did anything come of it?

Have any of you reported your posts to MNHQ to make sure they see this?

I would hope now that every access request for user data is time and operator stamped. And that there is a hierarchy of permission to access more sensitive data like personal messages and name change history. anyone know if that is the case?

HOW could a person who did get off without any repercussions?

As part of the work I do now I had to undergo GDPR training, in which I was warned that if I even inadvertently (e.g. getting my laptop nicked) allowed anyone's data to get into someone else's hands, I faced prosecution and a fine that would ruin my life.

I would hope now that every access request for user data is time and operator stamped. And that there is a hierarchy of permission to access more sensitive data like personal messages and name change history. anyone know if that is the case?

That's what I am very keen to know. I think enough time has passed for all the necessary security procedure changes to have been enforced, so I'm hoping someone from mumsnet will be along shortly to lay them all out for us and allay our fears.

I am sure that at the time, we were told that MN had referred the matter to the Information Commissioner (- it was under a duty to do so). What has happened with that?

@MNHQ

Can we have an update, for our own peace of mind?

And why was the intern responsible allowed to get off scot-free?

I would also like an update.

I would also like an update.

I was wondering this as well after a Mermaids' twitter thread was quoted saying that the intern was a "whistleblower", without being able to say exactly what there was going on at MNHQ to whistleblow on. Beyond, you know, allowing women to say things they don't like

IIRC she also said she still had people on the inside at MNHQ who were helping her. Was it ever confirmed if she was just BSing or if it was true?

I know MNHQ repeatedly said she wasn't related to anyone there but I'm still not sure I believe that. They did seem oddly relaxed about it.

It's (surely?) a blatant breach of the GDPR.

Whilst I appreciate it may take some time to investigate and fully implement any required changes to your systems to ensure that user's data cannot be compromised in the future, I hope @MNHQ will be able to provide an update and timeline for completion of the actions required.

Any search within the database would be time-stamped - and there should be security level clearances in place. Whether anyone actually analyses and monitors this is another matter all together...

But IME as a DB programmer (for an international household name) I had full access to ALL data... However quietly behind the scenes was a security team keeping an eye on "sensitive searches".

IIRC she also said she still had people on the inside at MNHQ who were helping her. Was it ever confirmed if she was just BSing or if it was true?

A completely separate observation is that sometimes moderation on an FWR thread will go very hardline against GC posters. Some mods seem to be rather zero-tolerance.

I would like to know this too. Feels a bit like it was brushed under the carpet.

It's (surely?) a blatant breach of the GDPR.

It happened before GDPR came in. By a month or two, I think (?).

Watching this thread with a great deal of interest.

nauticant

Yes

I would appreciate an update too

Update would be great please MMHQ. I have reported the thread in case they haven’t seen it.

As far as I can remember at the time, MNHQ called Emma, (the police possibly visited her? Not sure), and she was very very very very sorry and upset about it, and didn't mean it, etc. Then Mumsnet reported themselves, then nothing else happened.

Emma was the reason I de-regged and re-regged with different details and a VPN email/IP.

I never realised it was so easy to get away with things!

I was pondering doing a dastardly crime then calling myself Derek d'Faux to avoid being deadnamed (as in Ireland) but now I see that I just need to say 'I'm so soooooo saweeeeeee 😇😇😇😇🙏🙏🙏 it won't ever happen again - I promise'.

I got the impression - from the stuff she wrote on her twitter before she deleted her account - that she wasn't all that sorry at all. Unless the word "sorry" has changed it's meaning too.