Data from over a thousand employees of the European Parliament was easily accessible online for a considerable time. This is what Marcel Kolaja, the vice-president for IT policy in the European Parliament, told Politico.
The exposed data included log-in details for 1200 accounts of officials and staff members of one single political group, as well as thousands of other accounts of professionals involved in European affairs. The accessible data included passwords and sensitive information and would have been accessible for a considerable time.
The specific political group was not disclosed, but according to Politico, it was the European People’s Party (EPP) with Donald Tusk as president; the largest party in the European Parliament.
According to Kolaja, the group’s data could be accessed in a section of the official domain of the European Parliament, europarl.eu. The only difference was that the European Parliament did not host the data itself.
The Indian platform Shadowmap discovered the data first and alerted the affected people, after which the European People’s Party was notified of the leak. According to the party, the list was outdated and mainly contained log-in data from the group’s previous website. That particular website is no longer online, and users who used the same log-in details on both websites don’t have to worry as passwords have to be changed every three months regardless. However, the EPP will inform everyone on the list ‘in order to comply with European regulations’.