What is really going on in politics? Get our daily email briefing straight to your inbox Sign up Thank you for subscribing We have more newsletters Show me See our privacy notice Invalid Email

Top Tory cabinet ministers' personal details, including what appear to be their mobile phone numbers, were exposed to the world today thanks to a major security flaw in the party's own app.

The serious blunder allowed anyone to access details of hundreds of MPs including Foreign Secretary Jeremy Hunt and Defence Secretary Gavin Williamson - who have police protection and warn regularly of the hacking threat from Russia.

The massive data breach could now leave the Conservative Party open to fines and an investigation by the Information Commissioner.

The incident is a huge embarrassment for the Tories - who have vowed to "regulate the internet" and crack down on the irresponsible use of data.

An ICO spokesperson said: “We are aware of an incident involving a Conservative Party conference app and we will be making enquiries with the Conservative Party.

“Organisations have a legal duty to keep personal data safe and secure. Under the GDPR they must notify the ICO within 72 hours of becoming aware of a personal data breach, if it could pose a risk to people’s rights and freedoms.”

The flaw, revealed on Twitter by Guardian columnist Dawn Foster, was part of an app that offers a guide to the Conservative Party Conference in Birmingham, which starts tomorrow.

Anyone who downloaded the app could log in to it as any registered attendee with their publicly-available email address, without requiring any password or security measures.

Mischief makers could then see and edit other personal details for whoever they logged in as - be they MPs, journalists or other attendees.

They could also share messages on the app's internal messaging system.

Within minutes of the vulnerability being revealed, Boris Johnson’s profile image was changed to a picture of hardcore pornography.

Mr Johnson's title was almost immediately changed to “d******d”, and his position edited to say “HARD BORDER”.

Education Secretary Michael Gove's profile picture was changed to one of Rupert Murdoch.

What appeared to be Mr Gove's mobile number was available along with that of other politicians including Mr Johnson, Mr Williamson, Mr Hunt and Tory Brexiteer MEP Daniel Hannan.

The login function was removed today around an hour after it was pointed out on Twitter.

New tougher EU laws, the General Data Protection Regulation, were brought into force earlier this year allowing firms that breach data protection rules to be fined up to 20million Euros.

The Information Commissioner's office has been contacted for comment.

According to the 'about' section of the app it was designed by Australian firm CrowdComms, which boasts it "delivers seamless event tech solutions."

Its other clients include Morgan Stanley and the Australia Post.

The firm's London office could not immediately be reached for comment.

Labour's Shadow Cabinet Office minister Jon Trickett said: "How can we trust this Tory Government with our country's security when they can't even build a conference app that keeps the data of their members, MPs and others attending safe and secure?

"The Conservative Party should roll out some basic computer security training to get their house in order."

A spokesman for pro-Jeremy Corbyn group Momentum - which has pioneered its own conference app for Labour - said: “This sums up the Tories, staggeringly incompetent and out of touch with the modern world.

"They can’t even build a basic conference app without a huge data breach.

"It’s terrifying that they’re in charge of the tech that runs our hospitals, schools and airports."

A Conservative spokesman said: "The technical issue has been resolved and the app is now functioning securely. We are investigating the issue further and apologise for any concern caused."