Tories hit by security breach
PERSONAL details of senior Cabinet ministers, including their mobile phone numbers, have been leaked to the public by a major security breach in the Conservative Party’s official conference app.
The data watchdog is investigating after Boris Johnson and Michael Gove were among those to have their accounts on the CPC 2018 app accessed after it was revealed their profiles could be entered just with the email used to register them.
Several ministers, including those in roles with top-ranking security clearance, were reported to have received nuisance calls from members of the public after yesterday’s breach.
Several Twitter users reported accessing the profile of Mr Johnson, who registered under his real first name of Alexander, before some posted pornography for his profile picture and entering profanity for his job title.
A spokeswoman for the Information Commissioner’s Office (ICO), said: “We are aware of an incident involving a Conservative Party conference app and we will be making enquiries with the Conservative Party.
“Organisations have a legal duty to keep personal data safe and secure. Under the GDPR (General Data Protection Regulation) they must notify the ICO within 72 hours of becoming aware of a personal data breach, if it could pose a risk to people’s rights and freedoms.”
As well as ministers and MPs, the accounts of journalists, lobbyists and other delegates to the conference - which begins in Birmingham on Sunday - could be accessed.
Guardian columnist Dawn Foster, who was one of the first to spot the flaw, wrote: “FFS, the Tory conference app allows you to log in as other people and view their contact details just with their email address, no emailed security links, and post comments as them.
“They’ve essentially made every journalist, politician and attendee’s mobile number public. Fantastic.”
The app, created by an Australian firm called Crown Comms, was updated and the login function removed after concerns were raised.
A Conservative spokesman said: “The technical issue has been resolved and the app is now functioning securely.
“We are investigating the issue further and apologise for any concern caused.”