The Conservative Party is being investigated over whether it carried out a data breach on the same day the prime minister insisted it is keeping Britain “safe”.
It was claimed that an email purportedly from Conservative Campaign Headquarters (CCHQ) was CCed with hundreds of people’s email addresses without their permission, a potential breach of general data protection regulation (GDPR).
Journalist Rachel Cunliffe, associate political editor at the New Statesman, said she had received an email in which hundreds of email addresses were included.
She wrote on X, formerly Twitter, on Monday: “Did anyone else just get this email, ostensibly from CCHQ, which has CCd rather then BCCd its recipients and thus shared hundreds of personal email addresses?”
She posted a screen grab of the email she received, which asked recipients to submit their registration for the Conservative Party conference later this year.
Did anyone else just get this email, ostensibly from CCHQ, which has CCd rather then BCCd its recipients and thus shared hundreds of personal email addresses? pic.twitter.com/jemB1JSchK
— Rachel Cunliffe (@RMCunliffe) May 13, 2024
The grab contained grammar and spelling errors, as well as double spacing between some words, and a link for recipients to click.
A Conservative Party spokesman told Yahoo News: “We are aware of an issue relating to a conference registration email and are currently investigating the cause of this. We apologise to those affected and have self-reported to the Information Commissioner’s Office.”
The party has confirmed to Yahoo that the email was genuine.
The party is reported to have sent a follow-up email – which has not been seen by Yahoo – apologising for the error, saying: “Please accept our sincere apologies for this. We have taken steps to ensure that this issue does not happen again.”
Conservative Party has referred itself to the Information Commissioner after sharing hundreds of personal email addresses, including a number of MP addresses, when it sent out a conference reminder earlier today pic.twitter.com/474IOOBUEk
— Rachael Burford (@RachaelBurford) May 13, 2024
The Information Commissioner’s Office, which regulates data protection, confirmed that it is investigating.
A spokesperson told Yahoo News UK: “The Conservative Party has made us aware of this incident and we are assessing the information provided.
“Failure to use BCC correctly in emails is one of the top data breaches reported to us every year. Organisations should consider using alternatives to BCC such as bulk email services, mail merge, or secure data transfer services, so personal information is not shared with people by mistake.”
It came as party leader and prime minister Rishi Sunak made a major speech about security and said the country would be less safe under Labour leader Sir Keir Starmer.
Sunak said: “I believe that we will keep this country safe and Keir Starmer’s actions demonstrate that he won’t be able to do that.”
The Conservative Party is being investigated over whether it carried out a data breach on the same day the prime minister insisted it is keeping Britain “safe”.It was claimed that an email purportedly from Conservative Campaign Headquarters (CCHQ) was CCed with hundreds of people’s email addresses without their permission, a potential breach of general data protection regulation (GDPR).Journalist Rachel Cunliffe, associate political editor at the New Statesman, said she had received an email in which hundreds of email addresses were included.She wrote on X, formerly Twitter, on Monday: “Did anyone else just get this email, ostensibly from CCHQ, which has…
Conservatives investigated over possible mass email data breach – Yahoo News UK
Source: Assent.InfoSec