Posted on May 17, 2020
The European Parliament has been the victim of "a major data breach" that has seen personal data of more than a thousand staff and members of the European Parliament exposed online.
The fact that the incident appears to have been discovered not by the institution itself, but by Shadowmap, an Indian cyber-security company, raises serious questions. It comes a decade after a major breach, reportedly initiated in China, the details of which have never been made fully public.
Shadowmap founder, Yash Kadakia, told POLITICO that it had discovered files containing data such as passwords, job descriptions and other personal information via an internet portal that is part of the Parliament’s domain and is used by its officials.
The unprotected data also includes information of thousands of people with links to political parties and institutions, including members of EU agencies and authorities like law enforcement agency Europol, the European Data Protection Supervisor, border agency Frontex and others, Kadakia said.
Marcel Kolaja, the Parliament's vice president for IT policy, confirmed to POLITICO on Saturday that data included 1,200 accounts of elected officials and staff, along with another 15,000 other accounts of EU affairs professionals,
The information came from a system that had been run under the European Parliament’s official europarl.eu domain, Kolaja said, but the data had not been hosted by the institution itself.
“The system in question is a system run by one particular political group and it was data by that political group," Kolaja said, "and they were immediately made aware of that incident.”
It is believed that the data, which had been taken offline by Saturday afternoon, related to the European Peoples' Party (EPP), the largest political group in the European Parliament.
Follow EU Today on Social media: