Parliament email security breached by cyber-attack

Parliament has been hit by a “sustained and determined” cyber-attack by hackers trying to gain access to the email accounts of MPs and their staffers.

Both houses of parliament were targeted on Friday in an attack that sought to gain access to accounts protected by weak passwords. MPs said they were unable to access their emails after the attack began.

The estate’s digital services team said they had made changes to accounts to block the hackers from gaining access, and that the changes could mean staff were unable to access their emails.

An email sent to all those affected and seen by the Guardian said: “Earlier this morning we discovered unusual activity and evidence of an attempted cyber-attack on our computer network.

“Closer investigation by our team confirmed that hackers were carrying out a sustained and determined attack on all parliamentary user accounts in an attempt to identify weak passwords. These attempts specifically were trying to gain access to our emails.

“We have been working closely with the National Cyber Security Centre to identify the method of the attack and have made changes to prevent the attackers gaining access; however, our investigation continues.”

The changes are believed to have stopped MPs and their offices from accessing emails on mobile phones and tablets outside Westminster. “Access to systems [in] the Westminster estate has not been affected,” the email said, before adding that further disruption was likely.

The Liberal Democrat peer Chris Rennard said a “cyber-security attack on Westminster parliamentary emails” meant access to accounts may be restricted.

Henry Smith, the Conservative MP for Crawley, said on Twitter: “Sorry no parliamentary email access today - we’re under cyber attack from Kim Jong-un, Putin or a kid in his mom’s basement or something...”

A House of Commons spokesperson said: “The Houses of Parliament have discovered unauthorised attempts to access parliamentary user accounts.