What the BNP membership list leak can teach us all

Graham Cluley
Graham Cluley
@[email protected]

The far-right BNP (British National Party) is no stranger to making headlines in the United Kingdom for their controversial views.

BNP leader Nick Griffin is scheduled to appear on the BBC’s top political television debate program, “Question Time”, tomorrow evening, despite protests that he should be barred from appearing alongside other panellists. It’s understandable that some would find Griffin’s views unacceptable, as it has been argued that his party’s constitution breaks race relations laws by restricting members to “indigenous Caucasians”.

Amidst the controversy, a spreadsheet claiming to be the membership list of the controversial party has now been posted on the internet, revealing the names and contact details of thousands of apparent supporters.

Leaked BNP membership list

Sign up to our free newsletter.
Security news, advice, and tips.

For its part, the BNP claims the list is a “malicious forgery”, with party leader Griffin claiming “It is a concoction of the ‘old’ list plus a number of inquiries received, but, most disturbingly, it contains thousands of names of people with whom the BNP has had no contact whatsoever.”

(The “old” list Griffin refers to is a list of 12,000 names and addresses of purported BNP members that was leaked onto the net in November 2008. A former senior member of the BNP was subsequently fined for leaking the sensitive information online.)

So, it does appear that the BNP has once again experienced keeping data about its members (many of whom are likely to be unenthusiastic about others discovering they are supporters of the political party) under safe lock and key.

And the question is – what can other organisations learn from this?

Well, you should be doing more to control the movement of sensitive data inside your organisation. This month Sophos (at no extra charge!) integrated data loss prevention (DLP) capabilities into our Sophos Endpoint Security and Data Protection product – enabling businesses to have visibility and control over sensitive data.

I accessed the alleged BNP membership spreadsheet on my computer earlier today, and Sophos’s new data loss prevention technology correctly intercepted the attempt to copy the file as it contained personal identifiable information.

A Sophos DLP rule to prevent unauthorised movement of sensitive data

There are many more rules built into Sophos’s Data Loss Prevention ability than this, of course, but it would have successfully prevented the BNP’s membership list from being distributed.

If you store sensitive information about your company, employees or customers on your network – maybe you should take steps now to ensure that its not your organisation that is next making the headlines for an embarrassing data leak.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.