Tories hit by se­cu­rity breach

Wales On Sunday - - NEWS -

PER­SONAL de­tails of se­nior Cabi­net min­is­ters, in­clud­ing their mo­bile phone num­bers, have been leaked to the pub­lic by a ma­jor se­cu­rity breach in the Con­ser­va­tive Party’s of­fi­cial con­fer­ence app.

The data watch­dog is in­ves­ti­gat­ing af­ter Boris John­son and Michael Gove were among those to have their ac­counts on the CPC 2018 app ac­cessed af­ter it was re­vealed their pro­files could be en­tered just with the email used to reg­is­ter them.

Sev­eral min­is­ters, in­clud­ing those in roles with top-rank­ing se­cu­rity clear­ance, were re­ported to have re­ceived nui­sance calls from mem­bers of the pub­lic af­ter yes­ter­day’s breach.

Sev­eral Twit­ter users re­ported ac­cess­ing the pro­file of Mr John­son, who reg­is­tered un­der his real first name of Alexan­der, be­fore some posted pornog­ra­phy for his pro­file pic­ture and en­ter­ing pro­fan­ity for his job ti­tle.

A spokes­woman for the In­for­ma­tion Com­mis­sioner’s Of­fice (ICO), said: “We are aware of an in­ci­dent in­volv­ing a Con­ser­va­tive Party con­fer­ence app and we will be mak­ing en­quiries with the Con­ser­va­tive Party.

“Or­gan­i­sa­tions have a le­gal duty to keep per­sonal data safe and se­cure. Un­der the GDPR (Gen­eral Data Pro­tec­tion Reg­u­la­tion) they must no­tify the ICO within 72 hours of be­com­ing aware of a per­sonal data breach, if it could pose a risk to peo­ple’s rights and free­doms.”

As well as min­is­ters and MPs, the ac­counts of jour­nal­ists, lob­by­ists and other del­e­gates to the con­fer­ence - which be­gins in Birm­ing­ham on Sun­day - could be ac­cessed.

Guardian colum­nist Dawn Fos­ter, who was one of the first to spot the flaw, wrote: “FFS, the Tory con­fer­ence app al­lows you to log in as other peo­ple and view their con­tact de­tails just with their email ad­dress, no emailed se­cu­rity links, and post com­ments as them.

“They’ve es­sen­tially made ev­ery jour­nal­ist, politi­cian and at­tendee’s mo­bile num­ber pub­lic. Fan­tas­tic.”

The app, cre­ated by an Aus­tralian firm called Crown Comms, was up­dated and the lo­gin func­tion re­moved af­ter con­cerns were raised.

A Con­ser­va­tive spokesman said: “The tech­ni­cal is­sue has been re­solved and the app is now func­tion­ing se­curely.

“We are in­ves­ti­gat­ing the is­sue fur­ther and apol­o­gise for any con­cern caused.”

Newspapers in English

Newspapers from UK

© PressReader. All rights reserved.