A major flaw in the Conservative Party Conference 2018 app has exposed the phone numbers, email addresses, and personal information of senior party members, including cabinet ministers.
The data of hundreds of attendees was made viewable by second guessing email addresses and logging in. No passwords were required.
Once logged into the application, users were able to amend and make public the personal details of prominent MPs, including the likes of Boris Johnson, Michael Gove, and Gavin Williamson.
The image of Boris Johnson for example, was briefly switched for a pornographic image before the app was amended.
A senior conservative party member said: “Brandon Lewis is telling everyone who will listen that he could be the man to run the country — yet this conference fiasco shows he couldn’t run a bath.”
Speaking to Sky News, Lewis said: “Any breach of data is a serious matter and that’s why we are taking it seriously,” and that, “we are investigating, and we have already contacted the information commissioner, and will be putting in a fuller report to them.”
The Australian company that created the app said that it “apologised unreservedly” for the mishap, but as of yet, it has not revealed the extent of the flaw.
The Information Commissioner’s Office (ICO) said that it would be making inquiries about the breach as “organisations have a legal duty to keep personal data safe and secure”.
Under GDPR regulations, organisations must notify the ICO within 72 hours of becoming aware of a personal data breach if it poses a risk to people’s rights and freedoms.