European Parliament struck by data breach

Current and former employees of the European Parliament have been informed that their personal information was compromised in a recent data breach.

The origin of the breach was a recruitment application called PEOPLE, which is used for hiring non-permanent staff. Applicants use the app to upload a plethora of documents containing sensitive information, such as identity cards, passports and diplomas.

The data breach took place at the beginning of 2024 and was confirmed on 25 April by a director-general of the European Parliament. On Wednesday 22 May members of the PEOPLE application team sent an email to individual employees to notify private information had been compromised.

Former employees of the European Parliament were also notified via email, sources told Euractiv. This is confirmed by a spokesperson of the Parliament.

Authorities are investigating data breach

It’s unknown whether the data breach was the result of a cyber attack of other vulnerability. How many current and former staff members were affected by the breach, the spokesperson of the European Parliament wouldn’t say. The European Data Protection Supervisor (EDPS) and Luxembourg’s data protection authority are still investigating the breach.

The spokesperson adds that the European Parliament’s cybersecurity experts and the Luxembourg’s police force “continue to carry out in-depth analysis in order to clarify all the circumstances surrounding the breach”.

The PEOPLE application is currently offline. It’s being secured and will be back online soon.