Connect with us

Featured

Company behind Tory conference app apologises for major security flaw

Published

on

The company behind the Conservatives’ official conference app has “apologised unreservedly” after a major security flaw emerged.

The phone numbers of senior Tory MPs – including former foreign secretary Boris Johnson and Chancellor Philip Hammond – could be accessed by anyone because of the glitch on Saturday.

Several ministers, including those with top-ranking security clearance, reportedly received nuisance calls from the public after the breach.

The picture on Environment Secretary Michael Gove’s profile was reportedly switched for one of Rupert Murdoch, and his email changed to a fictional address for The Sun newspaper.

The data breach affected the official app for the Conservative Party Conference
Image:
The data breach affected the official app for the Conservative Party Conference

In a statement, Crowd Comms apologised for the error. Although it was rectified within 30 minutes, the company says it will be referring the matter to the Information Commissioner’s Office (ICO).

It said: “On Saturday 29 September at around 1.50pm UK time we were made aware that a small number of attendee profiles were fraudulently accessed on the app that we are providing for the Conservative Party Conference.

“An error meant that a third party in possession of a conference attendee’s email address was able, without further authentication, to potentially see data which the attendee had not wished to share – name, email address, phone number, job title and photo.

“The error was rectified within 30 minutes. It is likely that it affected a very small proportion of attendees and we are working with the Conservative Party to ensure any potentially affected attendees are notified.”

The security flaw happened as Tory Party members arrived at conference in Birmingham, and raises questions over whether the app breached data protection policy.

On Saturday, the app’s privacy policy stated that it “complies with…the European Union’s General Data Protection Regulation (GDPR)”.

Sky News found that it was possible to change the photos and details of cabinet members, MPs, journalists and local councillors attending conference.

Chancellor Philip Hammond was also affected by the security flaw
Image:
Chancellor Philip Hammond was also affected by the security flaw

A Conservative Party spokesman said: “The technical issue has been resolved and the app is now functioning securely. We are investigating the issue further and apologise for any concern caused.”

Theresa May ignored questions from Sky News about the security blunder as she arrived at conference.

Sky News’ technology correspondent, Rowland Manthorpe, said under new GDPR rules this kind of breach could result in a fine of £20m or 4% of turnover, depending on their response.

He said: “A hacker can do an awful lot with just an email address and a phone number.

“I’ve seen screenshots from the app of a squadron leader from the RAF and somebody from the Met Police – they all need to change their phone numbers now.”

Continue Reading
Advertisement Find your dream job

Trending