Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Conservative Party accidentally leak MPs' and journalists' phone numbers through its conference app

Social media users claimed they had logged in as Boris Johnson, gaining access to the ex-foreign secretary’s phone number

Lizzy Buchan
Political Correspondent
Saturday 29 September 2018 16:05 BST
Comments
Conservative Party Conference: Five things to watch

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

The Conservative Party has accidentally revealed personal details of senior cabinet ministers, MPs and prominent journalists in a major security breach on its official conference app.

The data watchdog is investigating the system flaw which allowed anyone to access mobile numbers, email addresses and private data belonging to conference attendees, simply by logging in using someone’s email address.

Some social media users accessed Boris Johnson’s profile, which provided them with the former foreign secretary’s phone number, while others reportedly posted pornography as his profile picture.

Private data for environment secretary Michael Gove and Gavin Williamson, the defence secretary, was also among the information made public in the breach, which emerged ahead of the annual Conservative Party conference in Birmingham tomorrow.

The blunder could leave the Tories open to being fined and an investigation by the Information Commissioner’s Office (ICO).

An ICO spokesperson said: “We are aware of an incident involving a Conservative Party conference app and we will be making enquiries with the Conservative Party.

“Organisations have a legal duty to keep personal data safe and secure. Under the GDPR they must notify the ICO within 72 hours of becoming aware of a personal data breach, if it could pose a risk to people’s rights and freedoms.”

Labour immediately seized on the gaffe as an example of how the government could not be trusted to keep the country safe.

Jon Trickett, shadow Cabinet Office minister, said: “How can we trust this Tory government with our country’s security when they can’t even build a conference app that keeps the data of their members, MPs and others attending safe and secure?

“The Conservative Party should roll out some basic computer security training to get their house in order.”

Momentum, the grassroots Labour supporters organisation, accused the Tories of being “staggeringly incompetent”.

A spokesperson said: “Our conference app was built by a team of volunteers for next to no money, and I’m sure they’d be happy to give the Tories a few tips for next year.”

The app, created by an Australian firm called Crown Comms, was updated and the login function removed after concerns were raised with the party.

A Conservative spokesman said: “The technical issue has been resolved and the app is now functioning securely.

“We are investigating the issue further and apologise for any concern caused.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in