Tories commit huge data breach with conference app

IMG_20180929_154255_004.jpg

It was hard to imagine that the Tories could conceivably top last year’s conference disaster. Letters falling off their slogan behind Theresa May, her unstoppable coughing fit and the joke P45 – and of course, the fact that her keynote speech included lines lifted directly from the West Wing – made 2017’s event unforgettable in its incompetence.

But before this year’s drear-fest has even begun, they’ve already done ‘better’, potentially costing themselves £20 million.

A huge flaw has been discovered in the Tories’ conference app that reveals full contact details of each registered person if you simply enter their email address.

As journalist dawn Foster observed, they’ve essentially made the personal data of every registrant available in the public domain.

Breaches of ‘GDPR’ data laws carry fines of up to twenty million pounds. It’s hard to imagine this breach will be classified as anything but serious.

Complaints are already being made to the Information Commissioner.

The SKWAWKBOX needs your support. This blog is provided free of charge but depends on the generosity of its readers to be viable. If you can afford to, please click here to arrange a one-off or modest monthly donation via PayPal. Thanks for your solidarity so this blog can keep bringing you information the Establishment would prefer you not to know about.

If you wish to reblog this post for non-commercial use, you are welcome to do so – see here for more.

12 responses to “Tories commit huge data breach with conference app

  1. The Tory’s incompetence shines through yet again. Will their ability to raise funds to pay their fine be dependent on how successful their conference is.

  2. Once again the Tories try to imitate Labour and fall straight on their face.

  3. Knowing the Tories they probably outsourced responsibility for the job and went for the cheapest private company they could find.

    Reminds me of British Airways who, not too long ago, outsourced their IT systems to India. Hacks and data breaches galore followed.

  4. Remember all the times Tory MPs have talked tough about “holding these big companies to account” for data breaches?
    I lie to them all about everything – I get “HAPPY BIRTHDAY” emails about twenty times a year 🙂

  5. And to think we trust them with sensitive and crucial brexit negotiation….well not me in fact. They do more harm than Putin and Trump combined.

  6. Or maybe they pressurised a browbeaten intern to build an app for them.

  7. ”Breaches of ‘GDPR’ data laws carry fines of up to twenty million pounds. It’s hard to imagine this breach will be classified as anything but serious.”

    Nah, it’s the toerags, Skwawky. Law unto themeselves. I expect no more than a ‘tut’ and a finger-wagging.

  8. It’s 20m Euros as a maximum fine. This would seem to be a breach of rights and so serious.

    It should have had a data privacy impact analysis and if deemed a high risk, permission needs to be sought from the ICO to deploy the app.

    The cyber-secuirty controls should have been defined and tested before and after the DPIA.

    The Tories have 72 hours to notify the ICO of the breach. They will need to consider remediation for each an every user impacted.

    Breach of rights as opposed to a failure in to protect no longer needs to prove harm. They are in a very difficult position.

  9. Expect a slap on the wrist, Brandon ‘Barrow Boy’ Lewis to get the blame and the boot, Tories very good at finding scapegoats never taking responsibility.

Leave a Reply