The European Parliament has circulated an internal notification of a data breach regarding the external application that supports recruiting non-permanent staff, including MEPs’ assistants, interns, consultants, and contractors.
The data breach was found out on 25 April by the Parliament’s cybersecurity experts. It concerns the application PEOPLE, which is based in Luxembourg. The relevant national authority and the European Data Protection Supervisor have been informed as Tim Royston-Webb, CEO of global cybersecurity leader, SentryBay, warned of potential further disruption during the forthcoming European Parliament elections.
EU Employees Must Change Passwords
The entity of the breach is still unclear, but it might be very serious. PEOPLE stored all the data needed for the recruitment process, including home addresses, bank details and criminal records. As a precaution, EP staffers have been asked to change their passwords.
According to Euractive, a data breach notification was emailed by Kristian Knudsen, Director-General for Personnel at the European Parliament, on 6 May. The notification warned the breach “may have exposed your personal data to unauthorised access by external parties”.
“If this data breach is confirmed to result from a hack, it would be further evidence that the EU institutions, and especially the Parliament, have an inadequate cybersecurity posture,” said Tim Royston-Webb, CEO, SentryBay. “The timing would also be interesting, with the European elections coming up in a few weeks. It was only in late 2023 that the European Parliament’s IT department presented a report to MEPs (Member of European Parliament), advising that state-sponsored attacks on the Parliament have become more sophisticated and more numerous since the last elections in 2019.”
SentryBay Shields Applications Against Data Breaches
“At SentryBay, we’ve developed cutting-edge solutions tailored to shield software applications from the type of data breach reported by Kristian Knudsen at the European Parliament,” said Brent Agar, VP Strategic Partnerships, SentryBay. “Our technology secures data right from the input stage, during login, and even when sensitive corporate information is viewed. This proactive approach not only prevents unauthorized data capture but also ensures that all interactions with data-focused applications such as the PEOPLE application used by the European Parliament are conducted within a secure environment.”