UK Parliament
Over 70 people who sent personal information to a Commons select committee may have had their data compromised in the recent cyberattack targeting the UK Parliament. Dan Kitwood/Getty Images

More than 70 people who sent personal information to a Commons select committee mailbox have been informed that their data may have been compromised in the recent cyberattack targeting the Houses of Parliament. In June, hackers targeted the British Parliament in a "sustained and determined" 12-hour-long cyberattack that breached less than 0.5% of parliament's 9,000 email addresses.

The House of Commons said 39 email accounts were affected in the cyberattack, including a select committee mailbox that contained emails with personal information. The Commons did not specify which committee was affected.

"In the case of one compromised generic organisational mailbox, a Commons Select Committee mailbox, 77 people have been notified that personal data - information on personal circumstances provided to support the work of the Committee - was contained in the mailbox and so may be at risk of compromise", the Commons said in an update.

Both the House of Commons and House of Lords have notified the Information Commissioner's Office of the data breach.

The Commons said 26 people had their accounts compromised in the attack, including six MPs and ten MPs' staffers, a member of the House of Lords and one member of their staff as well as five personnel from the House of Commons Administration.

The parliamentary account holders affected in the attack have not been identified.

Officials said hackers targeted parliamentary accounts with "weak" passwords that "did not conform to guidance."

"These compromises were made possible by the use of passwords that were compliant with the technical controls in place but did not conform to guidance issued by the Parliamentary Digital Service", the Commons said. "Three of the six MPs had accounts compromised because their mailboxes were linked to their members of staff whose passwords were compromised.

"We have invested heavily in cyber security measures and will continue to do so. A series of technology changes – including multi-factor authentication – have already been made to increase security."

The National Crime Agency and National Cyber Security Centre are currently investigating the cyberattack and the perpetrators behind it.