Public Services > Central Government

Weak passwords blamed as Parliament recovers from cyber attack

David Bicknell Published 25 June 2017

Around 1% of 9000 parliamentary network email accounts compromised through use of passwords “that did not conform to guidance issued”; investigations continue over potential data loss

 

Parliamentary IT officials have indicated that following the cyber attack on the parliamentary network at the weekend, plans are being made to resume wider IT services, with both Houses of Parliament meeting “as planned” today (Monday).

The attack compromised around 90 email accounts on the Parliamentary network, around 1% of the 9000 total, largely as a result of users’ weak passwords which, officials said, “did not conform to guidance issued by the Parliamentary Digital Service.”

Investigations are continuing to establish whether any data has been lost in the attack.

In a statement issued on Sunday, parliamentary officials said, “Parliament’s first priority has been to protect the parliamentary network and systems from the sustained and determined cyber attack to ensure that the business of the Houses can continue. This has been achieved and both Houses will meet as planned tomorrow.

It continued, “Investigations are ongoing, but it has become clear that significantly fewer than 1% of the 9000 accounts on the parliamentary network have been compromised as a result of the use of weak passwords that did not conform to guidance issued by the Parliamentary Digital Service. As they are identified, the individuals whose accounts have been compromised have been contacted and investigations to determine whether any data has been lost are underway.”

The officials have been working with the National Cyber Security Centre (NCSC) to investigate the attack. The National Crime Agency also said it was co-operating with NCSC which was leading the operational response.

On Saturday, parliamentary officials published an initial statement which said, “We have discovered unauthorised attempts to access accounts of parliamentary network users and are investigating this ongoing incident, working closely with the National Cyber Security Centre. Parliament has robust measures in place to protect all of our accounts and systems, and we are taking the necessary steps to protect and secure out network.

“As a precaution, we have temporarily restricted remote access to the network. As a result some Members of Parliament and staff cannot access their email accounts outside of Westminster. IT services on the Parliamentary estate are working normally.”

 

 








We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.