'Ashton is a w*nker': Labour council executive's email account 'hacked'
An Ipswich Borough Council executive whose email account sent a derogatory message about Ipswich Town chairman, Mark Ashton, says he was hacked. The council agrees, but a decision not to refer the incident to the ICO, despite a serious data breach, will raise many questions – and eyebrows.
The email arrived in my inbox at 09:35 on Wednesday, 27 May. It was sent from the official council address of Cllr Alasdair Ross, the council's Portfolio Holder for Housing and the Labour councillor for Rushmere, where Ipswich Town Football Club has recently invested more than £40 million in their training ground.
The subject line read "Mark Ashton".
The body read: "Ashton is a w*nker, Ashton is a w*nker, la laar, la laar, la laar, la laar, la laar, la laar."
Not your typical councillor email, it has to be said.
The email arrived on the same day that it was reported that the Football Association was continuing its investigation into Ashton, the chief executive of Ipswich Town Football Club, over chants using derogatory language about former Norwich City majority shareholder Delia Smith during a post-match gathering at Isaacs on the Quay following the club's promotion-clinching win over QPR.
Cllr Ross's account
When approached for comment, Cllr Ross, who has served on the borough council since 2008, replied: "Think you will find that is a hacked email as been in hospital for last month."
In a follow-up exchange on Thursday morning, he said he had reported the matter to the council's ICT team and was not aware of any other emails having been sent from his account.
"Cyber security is taken very seriously by IBC with a number of logins needed," he added. "I am sure the ICT team will investigate and thank you for making me aware of the issue."
Cllr Ross added that, as he had never previously emailed Ipswich.co.uk, "it seems obvious the email is not from me" and questioned whether there was any story to be told here.
The council's response
We approached Ipswich Borough Council for comment on Wednesday evening, asking whether Cllr Ross's account had been compromised, whether any wider security incident was under investigation, whether the matter had been referred to Suffolk Police or the Information Commissioner's Office, and what steps were being taken in response.
A council spokesperson confirmed on Thursday morning that the council had investigated and was satisfied that the email did not come from Cllr Ross. The spokesperson said that the incident appeared to be a one-off, and that no other council accounts had been affected. They confirmed the council uses Microsoft two-factor authentication (2FA) across its accounts.
Most significantly, however, they would not confirm that the breach would be referred to the Information Commissioner's Office.
Under the UK General Data Protection Regulation, organisations are required to notify the ICO of personal data breaches "without undue delay" and, where feasible, within 72 hours.
Councillors routinely receive correspondence from residents containing personally identifiable and, in many cases, sensitive information. If the email account of a councillor of nearly two decades were compromised, correspondence with hundreds, perhaps thousands, of residents would form part of the data potentially exposed.
This particular councillor, as a serving member of the council's executive committee and the Property portfolio holder, will also be privy to a large volume of commercially sensitive information.
The council declined to comment further, citing security, saying: "We cannot comment further due to security reasons but can confirm the council has taken the appropriate steps."
It is not thought that those appropriate steps include referring the case to the ICO.
How email accounts get compromised
To understand how a council email account protected by two-factor authentication could be used to send an unauthorised message, Ipswich.co.uk approached Craig Starling, Director of local IT and cyber security firm ICS, for some context.
Starling said email accounts were "most often compromised through phishing, weak or reused passwords, malware, with phishing being by far the most common method in business environments".
Once an attacker has gained access to an account, Mr Starling explained, they "can immediately use the account like a normal user, reading emails and sending messages, often replies in existing threads, to carry out fraud, impersonation, or internal phishing".
On the question of multi-factor authentication, Mr Starling was clear that it is not a guarantee. "MFA can be bypassed through techniques by phishing or exploiting legacy login methods, meaning it reduces risk but doesn't eliminate it," he said.
He said the common signs of a compromise included "unusual logins, emails sent without your knowledge, new inbox rules, or reports from others", and that users should "quickly reset passwords, revoke sessions, and notify IT".
IT teams investigating a suspected compromise, he added, can usually confirm one "by reviewing login logs, email activity, and security events, using indicators such as unusual locations, suspicious sending patterns, or unauthorised configuration changes".
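An added illustration, not part of the original article and not the council's or ICS's tooling: a minimal Python triage over constructed log records that checks the indicators Mr Starling lists (unusual locations, legacy sign-ins that skip MFA, new inbox rules, and mail sent to a domain the account has never written to). The record fields, the `triage` function and the sample events are assumptions made for the example, not a real Microsoft log schema.

```python
# Added example: field names and sample events are constructed, not a real log schema.
LEGACY_PROTOCOLS = {"imap", "pop3", "smtp"}  # basic-auth protocols with no MFA prompt


def triage(events, home_countries):
    """Return (time, finding) tuples for the indicators named in the article."""
    findings = []
    known_domains = set()  # recipient domains this mailbox has written to before
    suspect = False        # set once any sign-in looks wrong
    # ISO-style timestamps in one format sort correctly as plain strings.
    for e in sorted(events, key=lambda ev: ev["time"]):
        if e["type"] == "signin":
            if e["country"] not in home_countries:
                findings.append((e["time"], "unusual location: " + e["country"]))
                suspect = True
            if e["protocol"] in LEGACY_PROTOCOLS and not e["mfa"]:
                findings.append((e["time"], "legacy sign-in without MFA: " + e["protocol"]))
                suspect = True
        elif e["type"] == "inbox_rule":
            # Any rule change is worth a human look during an investigation.
            findings.append((e["time"], "new inbox rule: " + e["detail"]))
        elif e["type"] == "send":
            domain = e["to"].rsplit("@", 1)[-1].lower()
            # A first-ever recipient only matters after a suspicious sign-in.
            if suspect and domain not in known_domains:
                findings.append((e["time"], "first-ever mail to " + domain))
            known_domains.add(domain)
    return findings


# Constructed sample: one normal day, then a suspicious session.
SAMPLE_EVENTS = [
    {"time": "2024-01-03T09:12", "type": "signin", "country": "GB",
     "protocol": "modern", "mfa": True},
    {"time": "2024-01-03T09:20", "type": "send", "to": "resident@example.com"},
    {"time": "2024-01-29T09:30", "type": "signin", "country": "XX",
     "protocol": "imap", "mfa": False},
    {"time": "2024-01-29T09:31", "type": "inbox_rule",
     "detail": "auto-delete incoming replies"},
    {"time": "2024-01-29T09:35", "type": "send", "to": "newsdesk@example.net"},
]

if __name__ == "__main__":
    for when, what in triage(SAMPLE_EVENTS, home_countries={"GB"}):
        print(when, what)
```

A clean result from checks like these does not prove an account was never accessed; it only means none of these particular indicators appear in the records reviewed.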
What happens next
For Ipswich Borough Council, the matter is, in its own view, resolved. The ICT team has investigated, the account is reportedly secure, and no other accounts have been affected.
Whether that proves to be the end of the story is another matter.
Hacking claims have featured prominently in local politics in recent weeks. Earlier this month, Reform UK's Bury St Edmunds and Stowmarket branch said its X and Facebook accounts had been "hijacked by agitators" after a series of posts attacking opposition figures attracted significant backlash. The branch chairman, Cllr Simon Aalders, said that the branch had "been hacked", adding: "We don't know who has access to it, but we do realise this seems to be a lot more systematic."
The claim was met with public scepticism from opposition representatives. Andrew Stringer, the county's Green leader, said it was "deeply concerning that Reform UK are now responsible for running education, adult social care, and our highways for the whole of Suffolk, but seems powerless to responsibly administer a simple Facebook page". Richard Rout, the county's Conservative leader, said it "should never have taken widespread community pressure" for the party to act.
This is arguably a far more serious issue.
Reform UK's branch accounts were on commercial social media platforms; Cllr Ross's account is a council-issued email protected by enterprise-grade authentication. The material at risk is also vastly different: in Reform's case, social media posts containing no sensitive information; in Cllr Ross's case, thousands of emails containing potentially sensitive information.
The political pattern is a familiar one, and the public's appetite for taking such explanations at face value appears, on recent evidence, to be limited.
Many will now ask if Labour will come under the same scrutiny that their Reform UK counterparts have come to expect.
The bottom line
Ipswich Borough Council says the email did not come from Cllr Ross. The council's ICT team is, by its own account, satisfied. And yet, for an incident the authority has characterised as a compromise of a Microsoft 2FA-protected account held by a sitting executive member, the public is being asked to take a great deal on trust.
The council appears not to have referred the matter to the Information Commissioner's Office, has not said what evidence informed its conclusion, and has declined to comment further. That is likely to raise serious questions from both the public and opposition leaders in the coming days.
Ipswich Town FC was approached for comment.