Conservative Party data breach discovered in conference app. A columnist for The Guardian newspaper has highlighted a security breach involving personal data on the Conservative Party’s conference app. Among other’s the BBC was able to gain access to private details of delegates attending the event. MPs including Boris Johnson had their phone numbers and other personal details revealed by the party’s conference app. The Conservative Party apologised for “any concern caused” and said “the technical issue has been resolved”. The Information Commissioner’s Office (ICO) said it would be making inquiries. Posting on Twitter, the Guardian’s Dawn Foster, who was attending the conference, said she had been able to access the former foreign secretary’s personal details, including his mobile phone number. Ms Foster shared a redacted image of Mr Johnson’s profile, which did not reveal his phone number. Apparently, anyone could access an MP’s personal details simply by entering their email address, without a password, when clicking the attendee’s button in the app. The button has since been removed from the app, which was developed by Australian company Crowd Comms. Conservative Party chairman Brandon Lewis said the app was “now functioning securely” and added that the party would be “investigating the issue further”. During the conference the Evening Standard reported Mr Lewis was set to “unveil the first “interactive’ conference app” in a bid to overhaul the Conservatives image, whilst appealing to younger voters. Theresa May, who was arriving at the conference in Birmingham, avoided questions from the press about the security blunder. Images appeared on Twitter showing people apparently changing individuals’ profile photo’s and leaving messages on the app’s internal messaging system.
ICO to investigate Conservative Party data breach?
The Information Commissioner’s Office (ICO) said it would be making inquiries concerning the breach and stated that “organisations have a legal duty to keep personal data safe and secure”. The ICO statement added
Under the EU’s new GDPR regulation, the Conservative Party has 72 hours to notify the regulator of a personal data breach that could pose a risk to people’s rights and freedoms.
Labour shadow cabinet member, Jon Trickett, criticised the Conservatives for the breach and said:
How can we trust this Tory government with our country’s security when they can’t even build a conference app that keeps the data of their members, MPs and others attending safe?