In September, the U.K. Conservative Party conference’s official app allowed anyone to access and change details of attendees, including members of government. Members of the public were able to log in as a lawmaker by using their email address, giving them access to personal information such as private phone numbers. The app’s developer, CrowdComms, apologized for the flaw, which has since been fixed.
The widespread leak of data is emblematic “of a wider cultural problem businesses have towards data,” said Julian Saunders, chief executive officer of personal data governance service Port, in which too little care is given to the protection of information that’s not as obviously sensitive, such as credit card numbers and passwords.
He said such low-level leaks were why Europe’s GDPR legislation was required. The law mandates that companies have to take technical precautions such as encryption to ensure all client data is protected. It also states that firms must notify authorities about breaches within 72 hours of learning about them. Violations of GDPR rules may lead to fines of as much as 4 percent of a company’s global annual sales.
Melson said the affected websites Seer had identified as vulnerable were “largely” U.S.-based. “We’re finding significantly fewer U.K. companies,” he said, adding that it suggested GDPR rules were having a positive effect.
This article was provided by Bloomberg News.