The United Kingdom’s Conservative Party, known as the Tories, reported itself to the UK information watchdog on May 13 for inadvertently spilling the email addresses of 344 Tory members and journalists. The revelation came on the same day that Conservative Prime Minister Rishi Sunak claimed that the Tories were the best choice for keeping the UK secure.
“On the day Rishi Sunak proclaims the Tories as the great protectors of our national security, it turns out they can’t even protect a database of contacts. You couldn’t make it up,” a source from the opposition Labour Party stated. A general election is due in Britain by January 2025.
Conservative Campaign Headquarters (CCHQ) sent an email to prominent party members, journalists, and others asking them to register for a party conference and mistakenly CC’d all recipients instead of BCC’ing them on the email. As a result, all 344 recipients could see the email addresses of all the other recipients.
The UK’s Information Commissioner’s Office, a government information watchdog, is investigating the breach, which could be a violation of the country’s General Data Protection Regulation (GDPR) and result in fines for the Tories.
Because the email contained grammar and spelling mistakes, there was some initial concern that the message was fake or the result of a cyber intrusion of Conservative Party databases. A Tory spokesperson confirmed the email genuinely came from CCHQ and apologized for the exposure of the email addresses.
“Please accept our sincere apologies for this. We have taken steps to ensure that this issue does not happen again,” the party said in a follow-up email to the initial recipients.
The Information Commissioner’s Office also said in its statement about the email breach, “Failure to use BCC correctly in emails is one of the top data breaches reported to us every year. Organisations should consider using alternatives to BCC such as bulk email services, mail merge, or secure data transfer services, so personal information is not shared with people by mistake.”