The European Parliament sent its employees a letter on May 22 informing them that a data breach resulted in their personal information being stolen. According to the letter, all systems of the recruitment platform, PEOPLE, were breached.
The information includes passports, work experience emails, identity cards, and excerpts of criminal records. Other data includes place of residence, education, contracts, entitlement documents, civil status, and other personal details.
The breach began at the beginning of 2024 but wasn’t confirmed until director-general Kristian Knudsen discovered it on April 25. After the letter was sent out, a Parliament spokesperson reached out to Euractiv, a popular European news platform, to give a statement.
“After analysis, all active and non-active users were provided with detailed information on 22/05, in line with the recommendation of the European Data Protection Supervisor (EDPS),” it said.
PEOPLE users can remove their personal data from their accounts or deactivate it in lieu of the breach. The drawback to this is that users who have deactivated their account or have an otherwise inactive account have no way to log in and change any of their information. This presents a serious security concern for older Parliament employees.
The employees are voicing their concerns over the data breach and what consequences it could have for them.
“Our identities can be basically stolen and our data can be misused,” said Parliamentary assistant Dávid Kardos. “(Why) was not even a single piece of recommendation offered?”
Kardos also criticized Parliament for its delayed release of the letter, asking: “I wonder why they came forward with this now when the parliamentary term is already over?”
The European Parliament has yet to release details on how many were affected by the breach, but they have prohibited use of PEOPLE.