Reform UK has failed to tell the Information Commissioner’s Office (ICO) – the UK’s data protection regulator – about the alleged Russian hack of Nigel Farage’s phone, The New World has learned.
That means sensitive data about party members, staff and donors may have been compromised without the watchdog being alerted.
Farage has been embroiled in an ongoing scandal around his decision to accept a secret personal donation of £5 million, shortly before he returned to frontline UK politics. Farage’s story about the donation has changed several times: first he claimed it was about his personal security, but he later claimed it was a “reward” for delivering Brexit.
The Reform leader now faces a parliamentary investigation over the donation, which could in turn trigger a recall petition that would lead to him facing a by-election to keep his seat. Amid this backdrop, Reform claimed to the Mail on Sunday – without publicly releasing any evidence – that the information on the donation had been obtained through a hack by the Russian government.
Under the Data Protection Act, companies have a duty to inform the ICO within 72 hours of learning about any breach of their system that may expose personal data. As a political party with hundreds of thousands of members, Reform UK handles masses of such data, including the payment information and addresses of its supporters.
Its systems may also contain sensitive data, such as the health records of staff, vetting files on candidates, or similar information. If Reform was aware that hackers had accessed any such information, it would be a legal requirement for them to notify the ICO. However, The New World confirmed that as of the end of Wednesday, no such notification had taken place.
Experts told The New World that if Reform UK had established that whichever hackers it alleges accessed Farage’s phones had not been able to access any wider Reform UK information, it would not need to notify the ICO – but noted that it raised further questions as to Reform’s narrative on the hack. If hackers were able to access details of a highly sensitive £5m transaction, would they really not have had any access to wider systems?
Suggested Reading
Nigel Farage has more questions to answer over his phone hacking claim
The ICO did not supply an on-the-record response to a press enquiry. Queries sent to Reform UK as to whether they had notified authorities, and what information they had used to determine it was not necessary, received no response.
“A political party leader’s device is likely to have highly sensitive information on it – not just about himself but also potentially his constituents and colleagues,” said cyber-security consultant Graham Cluley. “A compromise of emails, text messages, and bank accounts on a device belonging to the man hoping to be the UK’s next prime minister cannot be described as low-risk…
“Farage may argue that only his personal accounts were breached, and not anything to do with his work or political party. But I would argue that that would be very hard for a layman to know with certainty.
“The responsible thing to do is for Farage to hand over his phone and any evidence to the experts at the NCSC immediately so it can be examined. It would also be sensible to contact the ICO in case any information about party members, workers, and constituents has also been compromised.”
Ciaran Martin, the founding CEO of the UK government’s National Cyber Security Centre, had previously cast doubt on Reform’s claims of a hack. “An aspiring prime minister has essentially claimed that Russia has launched an unprecedentedly aggressive intervention – a malicious intervention – in British politics, and he’s not produced a shred of evidence to support that claim,” he previously remarked.
Suggested Reading
Trump, Farage, Milei – this is why populists fail
Martin told The New World that, at a minimum, Farage had a “moral duty” to refer any evidence he holds of an alleged hack to appropriate authorities.
“He has a moral duty as someone campaigning to be prime minister to report what he thinks happened, because that would amount to one of the most serious Russian attacks on the UK in modern history,” he said. “But the relevant authorities there are the intelligence services – or the government as a whole, who would put him in touch with them – not the ICO.”
Anna Turley MP, the chair of the Labour Party, has challenged Farage to report the alleged hack of his details to police, saying that if he does not do so, she will.
Most popular
Dear Tony Blair: Please shut up
Quiz time: Can you pick the real from fake reasons new Reform councillors have already quit?
Britain isn’t the country you think it is
I asked an audience of building experts if Starmer should stay - you’ll be amazed by the response
