Tory conference app gaffe releases ministers’ private phone numbers to public
The data watchdog is investigating after the public were able to access profiles including that of Boris Johnson using only an email address.
Personal details of senior Cabinet ministers, including their mobile phone numbers, have been leaked to the public by a major security breach in the Conservative Party’s official conference app.
The data watchdog is investigating after Boris Johnson and Michael Gove were among those to have their accounts on the CPC 2018 app accessed after it was revealed their profiles could be entered just with the email used to register them.
Several ministers, including those in roles with top-ranking security clearance, were reported to have received nuisance calls from members of the public after Saturday’s breach.
Several Twitter users reported accessing the profile of Mr Johnson, who registered under his real first name of Alexander, before some posted pornography for his profile picture and entering profanity for his job title.
Environment Secretary Mr Gove’s account was apparently accessed and his profile picture changed to that of Rupert Murdoch, his employer when he was a journalist.
A spokeswoman for the Information Commissioner’s Office (ICO), said: “We are aware of an incident involving a Conservative Party conference app and we will be making enquiries with the Conservative Party.
“Organisations have a legal duty to keep personal data safe and secure. Under the GDPR (General Data Protection Regulation) they must notify the ICO within 72 hours of becoming aware of a personal data breach, if it could pose a risk to people’s rights and freedoms.”
As well as ministers and MPs, the accounts of journalists, lobbyists and other delegates to the conference – which begins in Birmingham on Sunday – could be accessed.
Once logged in, users were able to access information and apparently leave messages on the internal messaging system.
Guardian columnist Dawn Foster, who was one of the first to spot the flaw, wrote: “FFS, the Tory conference app allows you to log in as other people and view their contact details just with their email address, no emailed security links, and post comments as them.
“They’ve essentially made every journalist, politician and attendee’s mobile number public. Fantastic.”
The app, created by an Australian firm called Crown Comms, was updated and the login function removed after concerns were raised with the party.
A Conservative spokesman said: “The technical issue has been resolved and the app is now functioning securely.
“We are investigating the issue further and apologise for any concern caused.”
But Labour was quick to criticise the Conservatives.
Jon Trickett, shadow cabinet office minister, said: “How can we trust this Tory Government with our country’s security when they can’t even build a conference app that keeps the data of their members, MPs and others attending safe and secure?
“The Conservative Party should roll out some basic computer security training to get their house in order.”
A spokesman for the Labour grassroots organisation Momentum, which had its own app for its recent Labour fringe, said: “Our conference app was built by a team of volunteers for next to no money, and I’m sure they’d be happy to give the Tories a few tips for next year.”