Security Blunder Leaks Conference Delegates Data

The Tory Conference app has been hacked and people have got hold of Boris Johnson’s mobile number, prank called the Secretary of State for Defence Gavin Williamson, changed Michael Gove’s profile pic to Rupert Murdoch… well you get the idea.  When Guido says “hacked” he actually means you just had to enter Boris’s email address and you were logged in as him. Which is exactly what Guardian columnist Dawn Foster did when she logged on as Boris Johnson. She then – illegally in a breach of data protection laws – tweeted out the exploit to all and sundry leading to a massive data breach being opened for almost an hour before CCHQ managed to shut down all the personalisation functions. The app store says the app was heavily downloaded today…

Guido is a bit late to reporting this because for the last 3 hours he has being trying to discover what personal data of his is out in the public domain. Under the GDPR law it is an obligation for organisations to inform individuals without undue delay. They must also

  • ensure you have robust breach detection, investigation and internal reporting procedures in place. This will facilitate decision-making about whether or not you need to notify the relevant supervisory authority and the affected individuals.
  • keep a record of any personal data breaches, regardless of whether you are required to notify.

Guido contacted the CCHQ press office trying to find out what was going on after he saw his conference pass photo was out there on the internet and he got a prank text message. At the time of going to pixel attendees have not even been informed of the data breach unless they logged in before the personalisation functionality was removed. If like Guido you had no idea about the existence of the app never mind that your data was on it, you will not have been informed. Journalists, MPs, ministers, diplomats and regular delegates who have been compromised will not know unless they are told by CCHQ – as required by law. So that warning needs to go out, now.


Tech News Links



Tip offs: 020 7193 4041
team@Order-order.com

Quote of the Day

Dr Alexander Kogan, the app developer who originally harvested the Facebook data, said…

“I think what Cambridge Analytica has tried to sell is magic and made claims this is incredibly accurate and it tells you everything there is to tell about you. But I think the reality is it’s not that. If you sit down and you really work through the statistics and you think what does a correlation of point three means, those claims quickly fall apart. And that’s something any person with a statistical background can go and do.”

Sponsors

Guidogram: Sign up

Subscribe to the most succinct 7 days a week daily email read by thousands of Westminster insiders.