Conservative Party conference app reveals MPs’ numbers
The Tory party’s app for the conference was readily available to download on the Apple app store
Conservative MPs including Boris Johnson have had their phone numbers and other personal details revealed by the party’s conference app.
A Guardian columnist highlighted the security breach on Twitter and the BBC was also able to access private details of people attending the event.
The Conservative Party apologised for “any concern caused” and said “the technical issue has been resolved”.
The Information Commissioner’s Office said it would be making inquiries.
BBC political correspondent Chris Mason said the technical glitch was “deeply, deeply embarrassing” for the party.
The Guardian’s Dawn Foster, who is attending the conference, tweeted about the security breach and said she had been able to access the former foreign secretary’s personal details, including his mobile phone number.
She shared a redacted picture of Mr Johnson’s profile, which did not reveal his phone number.
It appears that people could access an MP’s personal details by entering their email address, without a password, when pressing the attendee’s button in the app.
This button has since been removed on the app, which was created by Australian firm Crowd Comms.
A Tory spokesman said the app was “now functioning securely” and the party would be “investigating the issue further”.
Prime Minister Theresa May, who was arriving at the conference in Birmingham, ignored questions from reporters about the security blunder.
The Press Association said the details of Environment Secretary Michael Gove had also been shared online.
Pictures on Twitter show people apparently changing individuals’ profile pictures and leaving messages on the app’s internal messaging system.
One Twitter user posted a snapshot of Mr Gove’s profile picture, which had been changed to a snap of media mogul Rupert Murdoch.
Mr Gove previously worked as a journalist at The Times, one of Mr Murdoch’s papers.
Michael Gove’s profile picture was changed to that of media mogul Rupert Murdoch
The Information Commissioner’s Office (ICO) said it would be making inquiries about the breach and added that “organisations have a legal duty to keep personal data safe and secure”.
The ICO’s statement added under the EU’s new GDPR regulation, the Conservative Party has 72 hours to notify the regulator of a personal data breach that “could pose a risk to people’s rights and freedoms”.
One of Labour’s shadow cabinet, Jon Trickett, criticised the Conservatives for the breach and said: “How can we trust this Tory government with our country’s security when they can’t even build a conference app that keeps the data of their members, MPs and others attending safe?”
Labour’s grassroots campaign group Momentum said their party’s app had been developed by a team of volunteers, adding: “I’m sure they’d be happy to give the Tories a few tips next year.”
The Conservative Party conference is being held in Birmingham and is due to start on Sunday.