Conservative Party politicians had their personal details, such as private mobile numbers and email addresses, revealed on the opening of the Party’s annual conference. This was due to a flaw in the event’s official app — CPC 2018. Those whose details were exposed included cabinet ministers, Members of Parliament, party activists and journalists. CrowdComms, the company who developed the app released a statement apologizing for the oversight and stating that the error had been fixed.
According to the Financial Times the security around the app was flawed. People were able to log-in with just an email address, with no password or other security credentials required. So, if someone wanted to log-in as Boris Johnson (the right-winger challenging Theresa May’s leadership of the Party), they could do so using his email account and then access his personal details.
Party spokesperson Brandon Lewis told The Independent that the Party was treating the security weaknesses as a “serious matter”, although he claimed the issue had only affected a “limited number” of people. He refused to provide any further details about how many people had been affected.
As a result of the breach the Party, The Verge reports, could fall foul of GDPR regulations and face heavy fines, running up to £2 million ($3 million). The event has also brought with it some unwanted publicity, overshadowing the first day of the conference.
Similar problems were not faced by the opposition Labour Party, which held its party conference a week earlier. The conference, according to the website Labour List, featured an official app. with features like “favorite” events, offering users a notification 15 minutes before their favorite event starts. In addition, Labour Party pressure group Momentum offered a digital conference portal, which provided briefings to delegates alongside a full program for an alternative left-wing conference.