leroux
Community Champion

UK: Conservative Party leak MPs' and journalists' phone numbers through its conference app

The Conservative Party has accidentally revealed personal details of senior cabinet ministers, MPs and prominent journalists in a major security breach on its official conference app.

The data watchdog is investigating the system flaw which allowed anyone to access mobile numbers, email addresses and private data belonging to conference attendees, simply by logging in using someone’s email address.

The blunder could leave the Tories open to being fined and an investigation by the Information Commissioner’s Office (ICO).

An ICO spokesperson said: “We are aware of an incident involving a Conservative Party conference app and we will be making enquiries with the Conservative Party.

“Organisations have a legal duty to keep personal data safe and secure. Under the GDPR they must notify the ICO within 72 hours of becoming aware of a personal data breach, if it could pose a risk to people’s rights and freedoms.”

Labour immediately seized on the gaffe as an example of how the government could not be trusted to keep the country safe.

 

More to follow....the Independent paper

2 Replies
Early_Adopter
Community Champion

Thanks @leroux

 

The Conservative party, dismayed at the coarsening of debate in the country simply wanted to democratize politics again by making access to politicians, members and opinion shapers more direct than ever before... 😄

 

It’s a challenge to procure secure services if you don’t have the right security people looking at them and there is government space in the UK (not admittedly the same as political parties) push out the folks that could help them on this to private firms and consultancies. Usually based on cost and not being able to pay the going market rate, of course as the old adage begins “Pay peanuts...” so I with party funds dropping and perhaps a leave it to a third party* mentality this seems a logical thing to happen. Lack of security/privacy by design, and the loophole is closed off after the horse has bolted.

 

Disappointed to see the opposition go straight on the offensive, rather than thinking about the implications of this. Yes it’s pretty staggering, but I’m pretty sure there’s a bit of “There but by the grace of ${DEITY_OR_PHILOSOPHY} go I” in play here, and frankly if the US political parties can fall foul of cyberespionage then you can be sure others are. Mature reflection might have been a better response.

 

Well let’s watch this unfold...

 

* There is a certain irony with all of the exited Britishness caused by Brexit in having an Aussie firm make your party political conference app, but perhaps it’s the precursor to a new trade deal. Hope BCRs or Model Contracts were in place if there was a transfer of data, as Australia does not have third country adequacy.

 

 

Caute_cautim
Community Champion

So once again we find a situation, whereby we look, observe, and await the reaction.  So who can you trust these days?

 

The world depends on sharing data, yet, we are in such a rush to deploy systems, with doing the basic hygiene and once again fall foul and it just keeps coming.

 

Regards

 

Caute_cautim

