The Conservative Party has been forced to refer itself to the data watchdog after accidentally sharing hundreds of email addresses.
In a major blunder, an official email was sent to members encouraging them to sign up for this year’s Tory party conference, where the recipients’ email addresses were visible. The round robin email failed to use the BCC function, which keeps people’s email addresses private.
A Conservative Party spokesman said: “We are aware of an issue relating to a conference registration email and are currently investigating the cause of this. We apologise to those affected and have self-reported to the Information Commissioner’s Office (ICO).”
The data breach came at an awkward moment for Rishi Sunak, who gave a major speech earlier today talking up his national security credentials. A Labour source said: “On the day Rishi Sunak proclaims the Tories as the great protectors of our national security, it turns out they can’t even protect a database of contacts. You couldn’t make it up.
“The country can’t risk another five years of the Conservatives, who have hollowed out our armed forces and turned Britain’s borders into a sieve.”
The massive data breach leaves the Conservative Party open to fines and an investigation by the Information Commissioner. An ICO spokesperson said: “The Conservative Party has made us aware of this incident and we are assessing the information provided. Failure to use BCC correctly in emails is one of the top data breaches reported to us every year.
“Organisations should consider using alternatives to BCC such as bulk email services, mail merge, or secure data transfer services, so personal information is not shared with people by mistake.”
The party came under fire back in 2018 when a major security flaw in the Tory conference app exposed Cabinet Ministers’ personal details. Anyone who downloaded the app could log in as a registered attendee using their publicly-available email address, without requiring a password or security measures.
Boris Johnson’s profile image was changed to hardcore pornography while Michael Gove’s picture was replaced with one of Rupert Murdoch. The login details were removed after the mistake was flagged on Twitter.