Tory Party conference app breach leaked MP’s phone numbers
The Conservative Party in the UK is scrambling to clean up after a data breach leaked the personal phone numbers of MPs, including Boris Johnson, via its own 2018 conference app.
The security flaw was first highlighted by a columnist in The Guardian, who was able to log into the app as any MP using just their email address - no password! Dawn Foster was able to access the private details of people attending the event, tweeting a screen grab of the former foreign secretary, Boris Johnson’s details.
The Conservative Party has now fixed the flaw and apologized for “any concern caused”. Chris Mason, a political correspondent for the BBC, described the breach as “deeply, deeply embarrassing.”
The app was created by CrowdComms, an Australian developer that specializes in mobile event apps for conferences and trade shows. The Evening Standard in London had previously reported that the party had come up with the idea of an interactive conference app in a bid to overhaul its image and appeal to younger voters.
CrowdComms released the following statement about the leak:
“An error meant that a third party in possession of a conference attendee’s email address was able, without further authentication, to potentially see data which the attendee had not wished to share – name, email address, phone number, job title and photo.
“We apologize unreservedly to the Conservative party and their delegates.”
Brandon Lewis, chairman of the Conservative Party and the man responsible for overseeing the conference, is under pressure to resign over the data breach. One senior Tory told The Guardian: “Brandon Lewis is telling everyone who will listen that he could be the man to run the country – yet this conference fiasco shows he couldn’t run a bath.” Lewis has refused to confirm or deny if he will be resigning over the incident.
Ruth Davidson, the Scottish Conservative Party leader, told Sky News: “It is embarrassing, there’s no getting away from that, but it was identified early, it was fixed quickly and then we move on.”
Prime Minister Theresa May, upon being asked about the security breach when she arrived at the conference in Birmingham, ignored questions.
Cabinet ministers have reportedly received prank calls, as you might expect.
Should be a cautionary tale for any organization contracting an off-the-shelf product for a one-time event, otherwise an appealing idea. Surprising the UK Tories went to Australia for it - might be UK tech firms are tainted with embarrasssing EU connections.