LinkedIn has already confirmed that more than 6.4 million of their members’ passwords were leaked to a hash-cracking forum earlier this week. And though the company has also taken reasonable steps to resolve the issue with its members, questions still remain about why the hash containing the passwords was unencrypted, and how the hacker got access to the passwords in the first place. Those questions may soon get answers if an Irish investigation into the leak goes forward.
Reuters is reporting that the office of the Data Protection Commissioner in Ireland is in contact with LinkedIn over the matter, and may begin an investigation. The office feels the situation is within their jurisdiction, which includes data theft. Reuters is quoting both the deputy data-protection commissioner and a spokesperson for LinkedIn’s London office as having confirmed that LinkedIn is keeping the Data Protection Commissioners Office “abreast of the situation.”
According to its website, the office of the Data Protection Commissioner was established under Ireland’s 1988 Data Protection act. The office upholds the principle that organizations that keep user data have a responsibility to keep the data private, safe, and secure. The Data Protection Amendment Act passed in 2003 updated Ireland’s data principles to include a European Union directive that declares individuals should “be in a position” to control their data. The Data Protection Commissioner upholds these rights and can enforce them by fining data holders who are malicious or irresponsible.