The European People’s Party (EPP) may have been the source of the biggest data leak in the history of the European Union, in which data pertaining to 1,200 accounts of elected officials and staff, along with another 15,000 other accounts of EU affairs professionals has been exposed, conservative Hungarian news site Mandiner reports.
The leak was first revealed on Friday by Indian cybersecurity company Shadowmap, whose founder Yash Kadakia said that it had discovered files containing data like passwords, job descriptions and other personal information via an internet portal that’s part of the European Parliament’s domain and used by its officials.
While a spokesman for the European Parliament (EP) originally denied the existence of the breach, Marcel Kolaja, the European Parliament’s vice-president for IT policy, confirmed it on Saturday, saying that the exposed information is “a huge amount of data”, includes sensitive information and encrypted passwords.
It comes from a system that had been run under the European Parliament’s official “europarl.eu” domain, Kolaja said, but the data had not been hosted by the institution itself.
“The system in question is a system run by one particular political group and it was data by that political group, and they were immediately made aware of that incident,” Kolaja said.
While Kojala did not name the particular group in question, Politico found out that the data may have come from the server of the EPP.
EPP spokesman Pedro López de Pablo confirmed in an email that a database containing email addresses and passwords had been exposed.
He added, however, that the database was outdated and only contained information “used by the people who [were] subscribed to our old website back in 2018.” That website is no longer in use after the group launched a new website in January 2019, López de Pablo said.
Title image: Flags of European Union member states.