Initial reports suggest attackers used brute-force attack methods to access Parliament members’ emails. Parliament’s first response was to temporarily suspend access to remote email servers.
According to their statement, “Parliament’s first priority has been to protect the parliamentary network and systems from the sustained and determined cyberattack to ensure that the business of the Houses can continue. This has been achieved and both Houses will meet as planned today.”
Approximately 90 accounts appear to be affected by the attack, whose root cause has been blamed on weak passwords. “As they are identified, the individuals whose accounts have been compromised have been contacted and investigations to determine whether any data has been lost are under way.”
Email addresses hosted on the “parliament.uk” domain were also affected, possibly compromising private communications between members of Parliament and their constituents.
Currently, there is no evidence to the identity of the attacker.
Attacks like this continue to highlight the necessity of implementing multi-factor authentication – the key defense against brute-force attacks.