LONDON (Reuters) - British Prime Minister Theresa May’s Conservative Party is investigating a data breach which let members of the public log into a smartphone app as senior government ministers and view their personal details.
“Any breach is a serious breach that’s why we are fully investigating it and are taking it very seriously,” party chairman Brandon Lewis told Sky News on Sunday.
Speaking on the first day of the party’s annual conference, which the app was promoting, Lewis said a “limited” number of users had been affected.
On Saturday, a columnist with the Guardian newspaper, Dawn Foster, discovered that a flaw in the app allowed users to log in as anyone attending the party conference, simply by entering an email address.
Lewis said the breach had been reported to the Information Commissioner’s Office, Britain’s data regulator, and that the loophole had been shut down within 30 minutes of the party being notified.
When active, the flaw meant the mobile phone numbers of all those attending the conference - lawmakers, including senior government ministers, party members and journalists - could be accessed. On Twitter, Foster showed how she had been able to log into the system as former foreign secretary Boris Johnson.
Reporting by Kylie MacLellan, writing by William James, editing by Elizabeth Piper