As you may be aware, the Parliamentary computer network suffered a serious and sustained cyber-attack which has resulted in a small number of email accounts being compromised. One of these accounts belongs to a member of my staff, which is also linked to my own inbox. I have self-referred this breach directly to the Information Commissioner’s Office[i].
The Parliamentary Digital Service, as the provider of the system which hosts these inboxes, has been working to identify what has been downloaded but it has not yet been possible. I have been advised that, given the amount downloaded, a statement on my website and self-referral is appropriate and I am awaiting a response from the ICO.
I would like to reassure you that I take the protection of people’s personal data very seriously. Along with the National Crime Agency and National Cyber Security Centre, the House of Commons authorities are currently investigating what happened and are taking steps to ensure that this kind of attack doesn’t succeed again in the future. There is now a two-step authentication process to access emails from remote devices and all users have been notified of the requirement to use high-strength passwords. Anyone who fails to do this in the future will be subject to disciplinary action.
[i] The Information Commissioner’s Office is the independent body responsible for information rights in the UK. If you would like to know more about the Data Protection Act 1998 (DPA), or wish to make a further complaint, the Information Commissioner’s Office website provides further details. The website is available at https://ico.org.uk/.