Fury as MPs’ mobile numbers revealed in Tory security breach
BORIS Johnson and Michael Gove are among hundreds of MPs whose accounts have been hacked on the Tory Party’s official conference app because of a security flaw.
The blunder meant that the private data – including mobile phone numbers – of people attending in Birmingham could be viewed by anyone who had downloaded the app.
The s e c ur i t y f a i l ur e a l s o allowed pranksters to change information on profile pages. They swapped the profile photograph of Environment Secretary Mr Gove to that of Rupert Murdoch, his employer when he was a journalist at The Times. Pornographic pictures were posted on Mr Johnson’s page, while the former Foreign Secretary’s profile photo was changed to that of Carrie Symonds, the blonde former spin doctor with whom he has been linked.
Several Ministers, including those with top-ranking security clearance, reportedly received prank calls from the public who were able to access their profiles using publicly available parliamentary email addresses. The security breach provoked outrage among senior Tory figures, with experts warning that the party could face a fine of up to £2 million if it is found to have breached strict European data protection laws.
Tory chairman Brandon Lewis – whose duties include overseeing the conference – was singled out for particular criticism.
‘It is disgraceful that people can access the personal details of MPs because of the utter incompetence of Conservative Campaign headquarters,’ said a senior Tory MP. ‘This can put people’s safety at risk. Brandon Lewis needs to get a grip.’ Some MPs were reported to be changing their mobile numbers as a result.
Mr Lewis had been due to unveil the interactive app – which allows members to comment on speeches live – at conference today, as part of a raft of measures aimed at overhauling ‘the oldest and most successful political party in the world’.
A spokesman for the UK data watchdog, the Information Commissioner’s Office, confirmed it was investigating the breach, saying: ‘ Organisations have a legal duty to keep personal data safe and secure.’
The app, created by an Australian firm called Crown Comms, was updated yesterday and the login function removed after concerns were raised.
A Conservative Party spokesman said: ‘The technical issue has been resolved and the app is functioning securely. We are investigating the issue further.’
But Jon Trickett, Shadow Cabinet Office Minister, said: ‘How can we trust this government with our country’s security when they can’t build a conference app that keeps the data of their MPs and others attending secure?’