Geenstijl

Lekkerdelek

Drup drup drup wat lekt daar zo. Het zijn de strafbladen, arbeidscontracten en paspoorten van alle geaccrediteerde parlementair assistenten (oftewel: alle medewerkers van meer dan 700 Europarlementariërs) van het Europees Parlement. Daar zijn die medewerkers (en ex-medewerkers) in mei al voor gewaarschuwd, en gisteren hebben ze info gekregen over waar 'external parties' allemaal 'access' toe hebben gehad. En dat blijkt dus: best wel veel te zijn. "Identity card or passport, Extract of criminal records, Civil status certificates, Certificates and other documents to determine the residence or domicile, Education or experience supporting documents, Military obligations certificate, Declaration of honour documents made by data subject, Documents to establish the individual entitlements, Contract and additional administrative documents." Een mail daarover aan een kuchende ex-medewerker in een regenjas is weer gelekt naar GeenStijl, en die kunt u na de breek lezen. 

Voor de nodige context citeren wij het bericht van Euractiv van 7 mei:

"The breach comes just one month before the EU Parliament elections on  6-9 June, amid growing fears of cyber interference and disinformation campaigns.

In February, another internal email, reported by Politico, revealed that Parliament’s defence committee was the subject of phone hacking, following insiders’ opinion that the EU institution’s cybersecurity is not ready for the elections and the accompanying possible attacks.

Also in February, Euractiv reported that the Parliament’s usage of TikTok in campaigning for the June EU elections, despite prior cybersecurity bans, raises questions about its secure implementation."

Gaat lekker daar in Brussel. Echt een fijn idee dat de EU binnenkort in al uw privé-appjes mee wil kijken.

Dear [XXXXX]

On 6 May 2024, we informed you of personal data breach in accordance with Article 35 of Regulation (EU) 2018/1725 of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data.

Since then, the Parliament’s competent services have been working with the European Data Protection Supervisor in order to ensure the best possible follow-up. The Parliament’s cybersecurity experts, as well as the Luxembourg Police, continue to carry out in-depth analyses in order to clarify all the circumstances surrounding the breach.

In your case, the following categories of documents were accessed:

Category of document	Number of documents available	Number of documents accessed
Identity card or passport	[X]	[X]
Extract of criminal records	[X]	[X]
Civil status certificates	[X]	[X]
Certificates and other documents to determine the residence or domicile	[X]	[X]
Education or experience supporting documents	[X]	[X]
Military obligations certificate	[X]	[X]
Declaration of honour documents made by data subject	[X]	[X]
Documents to establish the individual entitlements	[X]	[X]
Contract and additional administrative documents	[X]	[X]

The documents were accessed in early 2024. While the Parliament has not received any reports of attempts of identity theft in relation to this incident, as advised in the email you received on 6 May 2024, please stay alert and cautious. In particular, please stay vigilant against potential phishing attempts. Be careful if someone claiming to be from the European Parliament contacts you, requesting your credentials or passwords to check your situation. Remember that the European Parliament will never ask for your credentials or passwords under any circumstances.

The PEOPLE application is in the process of being secured and will soon be back online. However, as you are no longer in a recruitment procedure, your account is not accessible any more. We recommend that you also consider your password practice in general. If you have used the same password for the PEOPLE application as for any other online accounts, we advise you to change it there too. As a precaution, consider that password as being no longer safe to use in any context also in the future.

Should you require additional information, you can contact us at PERS-SupportPeople@europarl.europa.eu , the email address from which this communication was sent.

Alternatively, you may contact European Parliament’s Data Protection Officer, Secondo SABBIONI, LUX - ADENAUER 14T012, data-protection@europarl.europa.eu .

Kind regards,

PEOPLE application team