MPs Warned Over Data Leaks Linked to Official Email Addresses

UK MPs have been warned not to use their parliamentary emails for non-parliamentary activities, or to reuse passwords, after research conducted by Swiss online service provider Proton found 216 data breaches linked to MPs' email addresses. The company examined 2,280 official email addresses across the UK, French and European parliaments, including 650 from the UK Parliament. It found over two-thirds of British parliamentary email addresses had appeared on the dark web, compared to 18% of French addresses and 44% from MEPs.   Proton found that politicians regularly used their official email addresses to sign in to online services, such as LinkedIn, Adobe, Dropbox, Dailymotion, petition websites, news services and, in a small number of cases, dating websites. The joint investigation by Proton and Constella Intelligence revealed that some passwords had been compromised, with 216 passwords associated with UK parliamentary email addresses being exposed in plaintext, and 30 breaches linked to the worst affected MP. By comparison, 161 passwords linked to MEPs were exposed, with the most targeted MEP exposed 27 times, and 320 passwords linked to French lawmakers were exposed, with one politician targeted 137 times.   Using their official email addresses for non-parliamentary activities can lead to "all sorts of risks," according to security specialist Will Geddes. He recommended MPs use password managers and multi-factor authentication instead of recycling the same password. Researchers from Proton also discovered "sensitive information" linked to politicians' emails, including the dates of birth, addresses of residences and social media accounts of parliamentarians.    A parliamentary spokesperson said that Parliament takes cybersecurity "extremely seriously" and that it had robust measures in place, "including providing advice to users to make them aware of the risks and how to manage their digital safety—working closely with our partners in the National Cyber Security Centre."    Recent debates in the parliamentary committees have suggested that social media companies should be subject to tighter regulatory frameworks. The report of the Joint Committee on Human Rights examined the human rights implications of Ministerial statement proposed by the Home Secretary Priti Patel, which would create forces to combat the spread of disinformation, including potentially the ability to block user-generated content. The report offers an outline of what is required for effective regulation to respect human rights by focusing on the importance of transparency, a clear legal basis, and safeguards that guarantee freedom of expression.    The UK government has introduced an opt-in scam-blocking service for small businesses. The National Cyber Security Centre (NCSC) said the service would give SMEs "the same protection as our biggest banks and companies". The service warns users if they try to visit a malicious domain from their personal devices and blocks outgoing traffic to such domains. NCSC director for national resilience and future technology Jonathon Ellison urged eligible users to sign up, saying, "Individuals who play important roles in our democracy are an attractive target for cyber actors seeking to disrupt or otherwise undermine our open and free society.

Hot News