To say that they were derived from Facebook breaches, I could not be certain.
I know that SCL worked with a number of data vendors and did its own modelling to create a dataset that would be used within the Ripon platform itself.
On the matter of ICO's unfortunate notice, the only data that was there was something akin to a thousand email addresses—no scores, nothing else like that. It might be a name and the email address, and that was it. Just for your understanding of that, none of that had anything to do with any referendum client.