FutureScot
Cyber

Information Commissioner’s Office investigates Conservative’s app data breach

The Conservative Party has apologised after releasing a mobile phone app for its annual party conference that let members of the public log in as senior government ministers and view their personal details.

Dawn Foster, a columnist with The Guardian, discovered that a flaw in the app allowed users to log in as anyone attending the party conference, simply by entering an email address.

It meant the mobile phone numbers of all those attending the four-day event – journalists, party members and politicians, including senior government ministers – could be accessed. On Twitter, Foster showed how she had been able to log into the system as former foreign secretary Boris Johnson.

“It’s let me login as Boris Johnson, and just straight up given me all the details used for his registration,” she wrote. “I’m the most tech illiterate person alive, and I’ve done this, imagine there are plenty more security bugs.”

The loophole in the app was closed after the security breach was pointed out to the party but not before the details of some politicians had been accessed and in some instances changed.

A journalist from the BuzzFeed website said at least two cabinet ministers had received prank calls from the public as a consequence.

“The technical issue has been resolved and the app is now functioning securely,” a Conservative spokesman said. “We are investigating the issue further and apologise for any concern caused.”

A spokesman for the Information Commissioner’s Office said: “We are aware of an incident involving a Conservative Party conference app and we will be making enquiries with the Conservative Party.

“Organisations have a legal duty to keep personal data safe and secure. Under the GDPR they must notify the ICO within 72 hours of becoming aware of a personal data breach, if it could pose a risk to people’s rights and freedoms.”

Last year, May’s major conference speech descended into chaos after she suffered a coughing fit, a prankster gained access to the stage to hand her the form given to sacked employees, and some letters of her party’s slogans dropped to the ground from a sign on the stage behind her as she spoke.

“I think people will see a really impressive conference all round this year,” Conservative Party chairman Brandon Lewis told Sky News before news of the security breach was revealed.

Related posts

Scotland’s Cyber Week to showcase Police Scotland’s role in the ever-expanding global cyber ecosystem

Kevin O'Sullivan
February 21, 2024

UK Government aims to ‘design in’ cybersecurity from the outset

Will Peakin
January 28, 2019

SEPA CEO recognised for ‘honesty and openness’ at Scottish Cyber Awards

Poppy Watson
November 19, 2021
Exit mobile version