Share this article on:
The European Parliament is notifying its staff that a threat actor breached its systems and exfiltrated sensitive data.
Earlier in the year, threat actors breached the PEOPLE recruitment system used by the European Parliament for hiring non-permanent staff.
The attack was then discovered on 25 April.
As of 22 May, the European Parliament has begun notifying staff of the breach, giving details of what it entails. According to the email, the data stolen in the breach includes identification documents, passports, work experience and excerpts of criminal records, military obligations, declarations of honour, education, contracts and entitlement documents. All documents are believed to have been affected.
According to a spokesperson for the European Parliament, the PEOPLE HR tool has since been deactivated as investigations are ongoing.
“After analysis, all active and non-active users were provided with detailed information on 22/05, in line with the recommendation of the European Data Protection Supervisor (EDPS),” a spokesperson told EU publication Euractiv.
The European Parliament has not disclosed how many people were affected in the breach, nor is it clear how the threat actor gained access. No individual or group has come forward claiming the breach publicly.