Defence Minister's Phone Number Leaked in Tory App Blunder – School Kids First to Prank
Manchester-based cyber security expert Kevin Beaumont criticised the App’s developers for failing to carry out “basic due diligence”.
According to the App’s ‘about’ section, it was designed by Australian firm CrowdComms, which claims it “delivers seamless event tech solutions.”
Mr Beaumont said: “The Conservative party mobile app had no requirement for a password, just an email address, to view and edit details.
“Unfortunately MPs’ email addresses are public record – they’re on the Parliament website – so there was essentially no security whatsoever to access personal information.
“A basic due diligence assessment by the company, who made the app, would have picked this up, assuming basic competence.”
The Conservative Party has since apologised to its delegates, blaming CrowdComms, which itself has apologised “unreservedly” for its “error”.
An ICO spokesperson said: “We are aware of an incident involving a Conservative Party conference app, and we will be making inquiries with the Conservative Party.
“Organisations have a legal duty to keep personal data safe and secure. Under the GDPR they must notify the ICO within 72 hours of becoming aware of a personal data breach, if it could pose a risk to people’s rights and freedoms.”
A Conservative spokesman added: “The technical issue has been resolved and the app is now functioning securely. We are investigating the issue further and apologise for any concern caused.”]]>