An official UK government app came under fire after users were able to access personal information of senior party members, potentially putting it in breach of EU data laws.

BBC News reported the ruling Conservative Party’s official conference app, most recently used for an event in the city of Birmingham, allowed attendees to access details of MPs including phone numbers.

Users were able to login as an MP by second-guessing email addresses, which was typically a public parliamentary account, and accessing their personal details without the need for a password.

Once logged in, a user could also amend personal profiles, with at least two high profile members of the government having their accounts vandalised. Users were also reportedly able to access personal details of other people attending the event.

Australia-based CrowdComms, the company behind the app, released a statement apologising for the error, which it said was rectified within 30 minutes.

The UK Information Commissioner’s Office also said it would be investigating the issue, stating “organisations have a legal duty to keep personal data safe and secure.

Newspaper The Guardian noted the breach could run foul of the EU’s General Data Protection Regulations (GDPR), which the app’s privacy policy states it is compliant with.