image

Britain

British Conservative conference app flaw reveals private data of senior MPs

Images posted to social media showed people logging in as Boris Johnson, Michael Gove and others, revealing personal information including their mobile phone numbers

PUBLISHED : Sunday, 30 September, 2018, 5:47am
UPDATED : Sunday, 30 September, 2018, 5:47am

A major flaw in the British Conservative Party’s official conference phone application made the private data of senior party members including cabinet ministers accessible to anyone that logged in as a conference attendee.

Images posted to social media showed people logging in as Boris Johnson, Michael Gove and others, revealing personal information including their mobile phone numbers.

The personal phone numbers and private details of Gove, Johnson’s real number and seemingly every person who registered to attend Tory conference were accessible.

The data breach could open the Conservative Party to fines and an investigation by the information commissioner, the independent authority which upholds information rights in the public interest.

The Information Commissioner’s Office said it would be making inquiries about the breach and added that “organisations have a legal duty to keep personal data safe and secure”.

How can we trust this Tory government … when they cannot even build a conference app that keeps the data of their members … safe and secure?
John Trickett, shadow Cabinet Office minister

Once logged into the app, users were able to both amend and make the personal details of prominent MPs public, with Twitter users claiming Johnson’s picture had been briefly changed to one featuring a pornographic image.

Gove’s picture was changed to Rupert Murdoch, his previous employer at the London Times.

Anyone could log in as any attendee by providing an email with no password. Many MPs had registered with their public parliamentary email addresses, making it simple for any member of the public to access their mobile number.

Commentators said the flaw raises questions over the ability of the government to harness technology to solve issues around the Irish border and customs checks.

The app may also have breached data protection policy. Its privacy policy states that it “complies with … the European Union’s General Data Protection Regulation (GDPR).”

The breach enraged senior ministers. One Whitehall source described the error as “f****** ridiculous”. Anger was aimed at Brandon Lewis, the Tory party chairman, whose duties include overseeing the conference.

Labour said that the mishap raised questions around national security and recommended the Tories provide basic computer training to its members.

“How can we trust this Tory government with our country’s security when they cannot even build a conference app that keeps the data of their members, MPs and others attending safe and secure?” said John Trickett, the shadow Cabinet Office minister.

“The Conservative party should roll out some basic computer security training to get their house in order.”

A Momentum spokesperson criticised the “staggering incompetence” of the Conservative party and cited the success of its own in-house app during the Labour Party conference this week.

“This sums up the Tories, staggeringly incompetent and out of touch with the modern world,” they said. “They cannot even build a basic conference app without a huge data breach, and it’s terrifying that they’re in charge of the tech that runs our hospitals, schools and airports.

“Our conference app was built by a team of volunteers for next to no money, and I’m sure they’d be happy to give the Tories a few tips for next year.”