Seventy seven people who sent personal information to a Commons select committee have been told it may have been compromised in a cyber attack.
In its latest update on the attack in June, the Commons says 39 mailboxes were hit – fewer than 0.5% of 9,000 Parliamentary accounts.
But among them was a select committee mailbox, which contained emails with personal information.
The Commons has not confirmed which committee was affected.
The hack prompted officials to disable remote access to the emails of MPs, peers and their staff as a safeguard and the fact some access was gained has been blamed on “weak passwords”.
The Commons says 26 people were affected by the cyber attack, including six MPs and one peer. Among the 39 accounts affected were 11 “generic organisational mailboxes” – two people had more than one account.
“In the case of one compromised generic organisational mailbox, a Commons select committee mailbox, 77 people have been notified that personal data – information on personal circumstances provided to support the work of the Committee – was contained in the mailbox and so may be at risk of compromise,” the Commons update says.
“We have invested heavily in cyber security measures and will continue to do so. A series of technology changes, including multi-factor authentication, have already been made to increase security.”
The National Cyber Security Centre and National Crime Agency are investigating the incident which came weeks after 48 of England’s NHS trusts were hit by a cyber-attack.