← All articles

Investigation · Governance

Historical Preservation Committee Seats Member Named in Data Breach Investigation

Data Breach warning graphic over a red binary-code background

On June 26, the Libertarian National Committee announced new appointments to its Historical Preservation Committee. The same day, a party member submitted a message to the full board through the party's public contact form. He objected that one of the newly appointed members had been identified by an outside vendor as the person who exported party membership data. Placing someone with that history into an official role, he wrote, looks improper on its face and could amount to a breach of the board's fiduciary duty.

Austin Martin, the Region 1 representative and chair of the Libertarian Party of Hawaii, forwarded the message to the full board stating that more than one member of the committee in question had been implicated by the forensic investigation. Martin places the breach inside a longer contest for control of the party, calling it out as a "betrayal of member trust."

The Historical Preservation Committee oversees the party's archives and its LPedia platform. There is a question over what member data such a committee can access.

The Investigation

Earlier in the spring, the LNC retained Octillo, a law firm that specializes in data breach response, to investigate what had happened to its member data. The firm delivered an executive summary to the board on May 13.

The investigation confirmed that data containing members' personally identifiable information had been exported and identified the source as Kyle Davis, who acknowledged the fact. The firm reported high confidence in that finding, resting on Davis's own acknowledgment and the absence of evidence pointing to any other source.

Davis declined to sign a formal attestation confirming that he had destroyed the exported data and had not shared it. Two other people who had posted information about the data online, a blogger named John Ponty and Caryn Ann Harlos, the party's former secretary (and the current chair of the Historical Preservation Committee), were asked for the same written attestations and also declined. Because no one would attest to destroying or withholding the data, the firm could not determine whether the captured information had been shared or deleted. It found no evidence that the data had been used for identity theft or fraud.

The breach triggered formal notification obligations under the law in North Dakota, because the exported data included names and dates of birth. The party is notifying the affected residents and filing a report with that state's attorney general.

The board's reaction in May already hinted that the matter was not as closed as some considered it. Board member Otto Dassing asked specifically if Kyle Davis was currently sitting on any committee. He was. At the time, Davis was sitting on the board of the Bylaws and Rules Committee.

Davis' Goals

Portrait of Kyle Davis
Kyle Davis

Since the convention, Davis has appeared on livestreams (timestamp 5:45) campaigning to other board members about his desire to become "Director of IT," before joking about the data breach.

Davis has also sought member data beyond the national party. According to the Libertarian Party of Hawaii, he sent a formal demand for the complete Hawaii membership list, citing a state nonprofit statute that does not apply to political parties. He set a deadline and indicated he had a lawyer who could sue to obtain the data.

At Stake

Board members owe fiduciary duties to the organization. The argument against the appointment is straightforward. If the party seats individuals connected to the data breach onto its committees, the board is acting against the interests it is bound to protect.

Martin is pressing that question onto the party's counsel, saying conflicts were raised repeatedly and approved each time, and demanding to know why. Counsel has not yet responded.

The party's membership and donor records are one of its most valuable and most sensitive assets. They are how people are contacted, how money is raised, and how conventions are won or lost. Most importantly, they are personal information that members handed over with the expectation that it would be protected. The party cannot say for certain where that data went, because the people who touched it would not put their acknowledgements in writing, and Kyle Davis is actively seeking broader access.

Editor's Note (July 4, 2026): After publication, Third Party Watch published email correspondence in which John Ponty disputes Octillo's account. Ponty maintains that he was never sent a request for attestation during the investigation, contrary to the executive summary's characterization, and that Octillo provided him an attestation only after he raised the issue in June. Octillo, in the same correspondence, states that its materials contained no knowingly false statements and that it adjusted its descriptions in response to the concerns raised. These claims have not been independently verified. The correspondence is available here.